7249 matches found
CVE-2025-54140 pyLoad has Path Traversal Vulnerability in json/upload Endpoint that allows Arbitrary File Write
pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload...
CVE-2025-51463
Path Traversal in restorerunbackup in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the runinstruction API, which is extracted without path validation during restoration...
CVE-2025-51463
Path Traversal in restorerunbackup in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the runinstruction API, which is extracted without path validation during restoration...
CVE-2025-51463
Path Traversal in restorerunbackup in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the runinstruction API, which is extracted without path validation during restoration...
CVE-2025-51463
CVE-2025-51463 concerns AIM 3.28.0, where a path traversal flaw in the restore_run_backup() function lets remote attackers craft a backup tar for the run_instruction API and write arbitrary files to the server filesystem because paths are not validated during extraction. Affected component: AIM s...
CVE-2025-51463
Path Traversal in restorerunbackup in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the runinstruction API, which is extracted without path validation during restoration...
Important: git security update
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to wo...
GHSA-XQPG-92FQ-GRFG `pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write
Summary An authenticated path traversal vulnerability exists in the /json/upload endpoint of the pyLoad By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload directory, allowing them to write arbitrary files to any location on the system accessible ...
`pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write
Summary An authenticated path traversal vulnerability exists in the /json/upload endpoint of the pyLoad By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload directory, allowing them to write arbitrary files to any location on the system accessible ...
CVE-2025-54071
RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below, an authenticated arbitrary file write vulnerability exists in the /api/saves endpoint. This can lead to Remote Code Execution on the...
CVE-2025-54071
CVE-2025-54071 describes an authenticated arbitrary file write vulnerability in RomM (ROM Manager) version 4.0.0-beta.3 and earlier, exploitable via the /api/saves endpoint. An attacker who has a viewer role or Scope.ASSETS_WRITE permission (or higher) can bypass auth checks and write arbitrary f...
CVE-2025-54071 RomM's authenticated arbitrary file write vulnerability can lead to Remote Code Execution
RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below, an authenticated arbitrary file write vulnerability exists in the /api/saves endpoint. This can lead to Remote Code Execution on the...
CVE-2025-54071 RomM's authenticated arbitrary file write vulnerability can lead to Remote Code Execution
RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below, an authenticated arbitrary file write vulnerability exists in the /api/saves endpoint. This can lead to Remote Code Execution on the...
CVE-2025-54071 RomM's authenticated arbitrary file write vulnerability can lead to Remote Code Execution
RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below, an authenticated arbitrary file write vulnerability exists in the /api/saves endpoint. This can lead to Remote Code Execution on the...
Directory Traversal
Overview org.apache.jena:jena-fuseki-webapp is a Fuseki is a SPARQL 1.1 Server which provides the SPARQL query, SPARQL update and SPARQL graph store protocols. Affected versions of this package are vulnerable to Directory Traversal via the Fuseki Web UI. An attacker can create files outside the...
Sophos Firewall 安全漏洞
Sophos Firewall is a firewall from Sophos UK. A security vulnerability exists in Sophos Firewall versions prior to 21.0 MR2, which stems from the presence of an arbitrary file write in the Secure PDF eXchange feature that could lead to pre-authenticated remote code execution...
PT-2025-30340 · Romm · Romm
Name of the Vulnerable Software and Affected Versions: RomM versions 4.0.0-beta.3 and below Description: RomM is a tool that allows users to manage their game collections. An authenticated arbitrary file write issue exists in the /api/saves endpoint. This can lead to Remote Code Execution. The...
Directory Traversal
Overview MoneyPrinterTurbo is a Simply provide a topic or keyword for a video, and it will automatically generate the video copy, video materials, video subtitles, and video background music before synthesizing a high-definition short video.. Affected versions of this package are vulnerable to...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the path.join function. An attacker can bypass the path traversal protection and access restricted files by crafting specific path inputs that leverage Windows reserved driver names such as CON, PRN, and AUX. Note...
OESA-2025-1859 plexus-archiver security update
The Plexus project provides a full software stack for creating and executing software projects. It provides a number of pre-built components for common tasks and toolkits such as Jetty, Velocity, Hibernate, i18n, and many more. However, Plexus is also able to reuse your existing components writte...