UBUNTU-CVE-2025-53906
Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successful...
CVE-2025-4365/CVE-2024-12284: NetScaler Console/SDX Authenticated Arbitrary File Read/Write (FIXED)
During root cause analysis for the NetScaler Console vulnerability, CVE-2024-6235, Rapid7 discovered two high severity authenticated arbitrary file read and write vulnerabilities which were disclosed to the vendor in accordance with our disclosure policy. An Arbitrary File Read vulnerability...
CVE-2025-7619
BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary code execution...
CVE-2025-7619
CVE-2025-7619 concerns BatchSignCS (WellChoose) on Windows with an Arbitrary File Write vulnerability, described across multiple sources as involving a path traversal flaw that could enable writing files to arbitrary paths when a user visits a malicious site while the app is running. The connecte...
CVE-2025-7619 WellChoose|BatchSignCS - Arbitrary File Write through Path Traversal
BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary code execution...
WellChoose BatchSignCS Security Vulnerability
WellChoose BatchSignCS is a signing service system from WellChoose, Inc. of Taiwan, China. A security vulnerability exists in WellChoose BatchSignCS that originates from an arbitrary file write and could lead to the execution of arbitrary code...
PT-2025-29415 · Wellchoose · Batchsigncs
Name of the Vulnerable Software and Affected Versions: BatchSignCS affected versions not specified Description: BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running,...
curl: Uncontrolled File Write/Arbitrary File Creation
Description: The dumpeasysrc function in the provided code snippet allows an attacker to specify an arbitrary file path for outputting the generated libcurl source code via the global->libcurl variable. If the global->libcurl value is not properly sanitized or restricted, a malicious user could...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the ResetUserAvatar function in the API component when processing the filename argument. An attacker can overwrite or delete arbitrary files on the server by supplying crafted path values. Details: A Directory...
CVE-2025-7401
The CVE-2025-7401 entry concerns the Premium Age Verification / Restriction for WordPress plugin (vulnerable up to 3.0.2). A remote_tunnel.php endpoint with insufficient access protection enables unauthenticated attackers to read from and write to arbitrary files on the affected site’s server, po...
CVE-2025-7401 Premium Age Verification / Restriction for WordPress <= 3.0.2 - Unauthenticated Arbitrary File Read and Write via remote_tunnel.php
The Premium Age Verification / Restriction for WordPress plugin for WordPress is vulnerable to arbitrary file read and write due to the existence of an insufficiently protected remote support functionality in remote_tunnel.php in all versions up to, and including, 3.0.2. This makes it possible for...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the extraction process of zip archives. An attacker can write files to arbitrary locations on the file system by crafting a zip archive with directory traversal sequences in file paths. Note: This is only...
USN-7626-2 git regression
USN-7626-1 fixed vulnerabilities in Git. The update introduced a regression in gitk and git-gui. This update reverts the corresponding fixes for CVE-2025-27613 and CVE-2025-46835 pending further investigation. We apologize for the inconvenience. Original advisory details: Avi Halachmi discovered...
CVE-2025-6806
Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2025-6801
Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specif...
DEBIAN-CVE-2025-38258
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write. memcg_path_store() assigns a newly allocated memory buffer to filter->memcg_path, without deallocating the previously allocated and assigned memory buffer. As a...
UBUNTU-CVE-2025-27613
Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...
CVE-2025-40738
A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...
CVE-2025-40737
A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...