PT-2025-34141

Name of the Vulnerable Software and Affected Versions Directus versions 10.8.0 through 11.9.2 Description A flaw in the file update mechanism of the Directus API allows an unauthenticated actor to modify existing files with arbitrary content or upload new files with arbitrary content and...

Directory Traversal

Overview copier is an A library for rendering project templates. Affected versions of this package are vulnerable to Directory Traversal via the rendering process when generating a directory structure whose rendered path is either a relative parent path or an absolute path. An attacker can...

Arbitrary File Read/Write

Overview copier is an A library for rendering project templates. Affected versions of this package are vulnerable to Arbitrary File Read/Write via the exposure of pathlib.Path objects in the Jinja context, which have unconstrained I/O methods. An attacker can access or modify arbitrary files on t...

CVE-2025-55214

CVE-2025-55214 (Copier) : A directory traversal vulnerability affects Copier libraries and CLI from version 7.1.0 up to, but not including, 9.9.1. When using a safe template, an attacker could cause files to be written outside the destination path by exploiting the template rendering of a generat...

Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware

This is a PoC exploit for CVE-2019-19781, a vulnerability in Citrix ADC NetScaler that allows for unauthenticated remote code execution. The tool, called Citrixmash, was published by TrustedSec due to other researchers releasing their code first. The exploit exploits a directory traversal bug in...

CVE-2025-55011

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the taskid parameter is a valid task id, nor does it check for path traversal. As a result, a malicious actor could write a file...

CVE-2025-50817

Removed by vendor...

CVE-2025-50817

A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. When the module is loaded, it automatically imports test.py, if present in the same directory or in the sys.path. This behavior can be exploited by an attacker...

DEBIAN-CVE-2025-55011

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the taskid parameter is a valid task id, nor does it check for path traversal. As a result, a malicious actor could write a file...

CVE-2025-55011

Kanboard prior to version 1.2.47 is affected by a path-traversal/file-write vulnerability in the API’s createTaskFile handler. The issue arises because task_id validation is missing and path traversal is not checked, allowing a malicious actor to write files to arbitrary locations reachable by th...

CVE-2025-55011

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the taskid parameter is a valid task id, nor does it check for path traversal. As a result, a malicious actor could write a file...

CLSA-2025-1755008210 git: Fix of CVE-2025-46835

CVE-2025-46835: fix vulnerability where Git GUI can create and overwrite arbitrary writable files...

Path Traversal

bugsink is vulnerable to Path Traversal. The vulnerability is due to constructing file locations directly from untrusted eventid input without validation, which allows an attacker with access to a valid DSN to create or overwrite files in arbitrary locations...

PT-2025-66: Arbitrary file write in Booco

The vulnerability was identified in Booco, version Server v2.38.3. The discovered vulnerability allows an attacker to supply a relative path in a parameter, which results in a new file being created or an existing file being overwritten in any directory of the file system. Vulnerability status:...

[SECURITY] [DLA 4268-1] node-tmp security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4268-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk August 11, 2025 https://wiki.debian.org/LTS -...

Debian dla-4268 : node-tmp - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4268 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4268-1 [email protected] https://www.debian.org/lts/security/...

curl: Path Traversal in SFTP QUOTE command leads to Arbitrary File Write and potential RCE

Description Summary libcurl is vulnerable to a path traversal attack when processing SFTP QUOTE commands. The internal function Curlgetpathname in lib/vssh/curlpath.c fails to sanitize user-provided paths for traversal sequences ../. An attacker who can control the SFTP QUOTE commands can leverag...

CVE-2025-7376

Windows Shortcut Following .LNK vulnerability in multiple processes of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions...

UBUNTU-CVE-2025-54798

tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4...

CVE-2025-54802

pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution RCE. The addcrypted...