7249 matches found
CVE-2025-40738
A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...
CVE-2025-40737
A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...
Siemens SINEC NMS 路径遍历漏洞
Siemens SINEC NMS is a network management system NMS from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. A path traversal vulnerability exists in Siemens SINEC NMS that stems...
CVE-2025-6806
Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2025-6806
Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2025-6801
Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specif...
CVE-2025-6801
Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specif...
CVE-2025-6806 Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability
Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2025-6806 Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability
Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2025-6806
CVE-2025-6806 – Marvell QConvergeConsole decryptFile Directory Traversal : The vulnerability affects Marvell QConvergeConsole in the decryptFile method, where insufficient validation of a user-supplied path allows a remote attacker (no authentication required) to perform arbitrary file writes on ...
CVE-2025-6801
Summary: CVE-2025-6801 affects Marvell QConvergeConsole. A flaw in the implementation of the saveNICParamsToFile method fails to validate a user-supplied path before performing file I/O, enabling an unauthenticated, network‑remote attacker to write arbitrary files with SYSTEM privileges. This pat...
CVE-2025-6801 Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability
Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specif...
CVE-2025-6801 Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability
Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specif...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview llama-index-core is an Interface between LLMs and your data Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip via the encodeimage function. An attacker can access arbitrary files on the server by supplying crafted imagepath values...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview llama-index is an Interface between LLMs and your data Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip via the encodeimage function. An attacker can access arbitrary files on the server by supplying crafted imagepath values...
Marvell QConvergeConsole 路径遍历漏洞
Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. A path traversal vulnerability exists in Marvell QConvergeConsole due to an error in the saveNICParamsToFile method. An attacker could exploit the vulnerability to write a file in the SYSTEM...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the fileUploadHandler function in the rest.go file. An attacker can overwrite arbitrary files owned by the application user by uploading files with crafted path names, potentially modifying application behavior o...
CVE-2025-34074 Lucee Admin Interface Authenticated Remote Code Execution via Scheduled Job File Write
An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled...
The vulnerability of Notepad++ installer allows a hacker to elevate their privileges and write arbitrary files.
The vulnerability of the Notepad++ text editor is related to deficiencies in access control, resulting from uncontrolled access to search paths. Exploiting this vulnerability can allow attackers to enhance their privileges and write arbitrary files...
(0Day) Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability
This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the decryptFile method. The issue results from the lack o...