
7245 matches found

RedhatCVE
added 2025/06/12 8:19 a.m., 7 views

CVE-2025-5740

CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause arbitrary file writes when an authenticated user on the web server manipulates file path...

CVSS 8.6, AI score 6.6, EPSS 0.00643
Exploits 0, References 1

Amazon
added 2025/06/12 12:0 a.m., 9 views

Important: python2-setuptools

Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...

CVSS 8.8, AI score 8.2, EPSS 0.01428
Exploits 4

Amazon
added 2025/06/12 12:0 a.m., 5 views

Important: python-setuptools

Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...

CVSS 8.8, AI score 8.2, EPSS 0.01428
Exploits 4

Github Security Blog
added 2025/06/10 6:32 p.m., 12 views

Erxes Path Traversal vulnerability

In Erxes 1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler...

CVSS 5.4, AI score 6.4, EPSS 0.0034
Exploits 1, References 4, Affected Software 1

Vulnrichment
added 2025/06/10 8:6 a.m., 2 views

CVE-2025-5740

CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause arbitrary file writes when an authenticated user on the web server manipulates file path...

CVSS 8.6, AI score 6.2, EPSS 0.00643
Exploits 0, References 1

CNNVD
added 2025/06/10 12:0 a.m., 2 views

erxes security vulnerability

erxes is an open source Hubspot/Qualtrics alternative to erxes open source. Enabling SaaS providers and digital marketing agencies/developers to create unique experiences for their entire business. A security vulnerability exists in erxes versions prior to 1.6.2, which stems from a path traversal...

CVSS 5.4, AI score 6.5, EPSS 0.0034
Exploits 1, References 3

Cvelist
added 2025/06/10 12:0 a.m., 17 views

CVE-2024-57189

In Erxes 1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler...

EPSS 0.0034
Exploits 1, References 2

Positive Technologies
added 2025/06/10 12:0 a.m., 7 views

PT-2025-24712 · Erxes · Erxes

Name of the Vulnerable Software and Affected Versions: Erxes versions prior to 1.6.2 Description: The issue allows an authenticated attacker to write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler. Recommendations: For...

CVSS 7.1, AI score 6.4, EPSS 0.0034
Exploits 1, References 7

BDU FSTEC
added 2025/06/09 12:0 a.m., 3 views

The vulnerability of the TarFile.extractall() and TarFile.extract() functions in the tarfile module of the Python programming language interpreter (CPython) allows attackers to write arbitrary files.

The vulnerability of the TarFile.extractall and TarFile.extract functions in the tarfile module of the CPython interpreter is related to an incorrect path name limitation for restricted access directories when processing the filter= parameter with a value of data or tar. Exploiting this...

CVSS 9.7, AI score 6.6, EPSS 0.01184
Exploits 11, References 28, Affected Software 16

RedhatCVE
added 2025/06/07 8:0 p.m., 18 views

CVE-2025-43026

A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write...

CVSS 7.1, AI score 7.3, EPSS 0.00111
Exploits 0, References 1

OpenVAS
added 2025/06/06 12:0 a.m., 6 views

openSUSE Security Advisory (SUSE-SU-2025:01810-1)

The remote host is missing an update for the...

CVSS 8.8, AI score 7.5, EPSS 0.01428
Exploits 4, References 4

OpenVAS
added 2025/06/06 12:0 a.m., 8 views

Synology Router Manager (SRM) 1.3.x File Write Vulnerability (Synology-SA-25:07)

Synology Router Manager (SRM) is prone to a file write vulnerability...

AI score 5.5
Exploits 0, References 1

NVD
added 2025/06/05 8:15 p.m., 9 views

CVE-2025-43026

A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write...

CVSS 7.8, EPSS 0.00111
Exploits 0, References 1

OSV
added 2025/06/05 8:15 p.m., 0 views

CVE-2025-43026

A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write...

CVSS 7.8, AI score 5.8, EPSS 0.00111
Exploits 0, References 1

Cvelist
added 2025/06/05 7:41 p.m., 17 views

CVE-2025-43026 HP Support Assistant – Potential Escalation of Privilege

A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write...

CVSS 7.1, EPSS 0.00111
Exploits 0, References 1

RedhatCVE
added 2025/06/05 10:11 a.m., 15 views

CVE-2024-36486

A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 55740. When an archived virtual machine is restored, the prlvmarchiver tool decompresses the file and writes the content back to its original location...

CVSS 7.8, AI score 7.3, EPSS 0.00277
Exploits 1, References 1

SUSE Linux
added 2025/06/05 7:48 a.m., 3 views

Security update for python-setuptools

This update for python-setuptools fixes the following issues: CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write bsc1243313. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

CVSS 8.7, AI score 7.5, EPSS 0.01428
Exploits 4, References 4

Hewlett-Packard
added 2025/06/05 12:0 a.m., 12 views

HP Support Assistant – Potential Escalation of Privilege

A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write. HP has identified affected versions and the minimum version that...

CVSS 7.8, AI score 7, EPSS 0.00111
Exploits 0, Affected Software 1

CVE
added 2025/06/04 4:22 p.m., 55 views

CVE-2025-20259

Cisco ThousandEyes Endpoint Agent for Windows is affected by vulnerabilities in the update process that allow an authenticated, local attacker to delete arbitrary files via a symbolic-link upgrade path. Root cause: improper access controls on local filesystem during the agent upgrade, enabling th...

CVSS 5.3, AI score 5.5, EPSS 0.0014
Exploits 0, References 1, Affected Software 1

Cvelist
added 2025/06/04 4:22 p.m., 14 views

CVE-2025-20259 Cisco ThousandEyes Endpoint Agent for Windows Arbitrary File Write Vulnerability

Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device. These vulnerabilities are due to improper access controls on files that are in the local file system. An...

CVSS 5.3, EPSS 0.0014
Exploits 0, References 1