PT-2025-11983 · Applio · Applio

Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.8-bugfix and prior Description: The issue affects a voice conversion tool, allowing for arbitrary file write in the train.py file. This can lead to writing arbitrary files on the server and potentially achieve remote code...

The vulnerability of Siemens Scalance LPE9403 industrial switches’ microprogramming software lies in the incorrect limitation of the path name in the restricted access catalog, allowing attackers to read and write arbitrary files.

The vulnerability of Siemens Scalance LPE9403 industrial switches’ microprogramming software is related to an incorrect limitation on the name of the path to the restricted-access catalog. Exploiting this vulnerability allows a malicious actor to read and write arbitrary files remotely...

GHSA-94VH-GPHV-8PM8 zip Incorrectly Canonicalizes Paths during Archive Extraction Leading to Arbitrary File Write

Summary In the archive extraction routine of affected versions of the zip crate, symbolic links earlier in the archive are allowed to be used for later files in the archive without validation of the final canonicalized path, allowing maliciously crafted archives to overwrite arbitrary files in th...

CVE-2025-29787 zip Vulnerable to Incorrect Path Canonicalization During Archive Extraction, Leading to Arbitrary File Write

zip is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the zip crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used for later files in the...

CVE-2025-29787 zip Vulnerable to Incorrect Path Canonicalization During Archive Extraction, Leading to Arbitrary File Write

zip is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the zip crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used for later files in the...

GHSA-8VVX-QVQ9-5948 Flowise allows arbitrary file write to RCE

Summary An attacker could write files with arbitrary content to the filesystem via the /api/v1/document-store/loader/process API. An attacker can reach RCERemote Code Execution via file writing. Details All file writing functions in packages/components/src/storageUtils.ts are vulnerable. -...

Flowise allows arbitrary file write to RCE

Summary An attacker could write files with arbitrary content to the filesystem via the /api/v1/document-store/loader/process API. An attacker can reach RCERemote Code Execution via file writing. Details All file writing functions in packages/components/src/storageUtils.ts are vulnerable. -...

CVE-2024-54449 Remote Code Execution (RCE) via Arbitrary File Write In Document API

The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with controlled contents to an arbitrary location on the underlying file system. This can be used to facilitate RCE. An account with ‘read’ and ‘writ...

CVE-2024-54449 Remote Code Execution (RCE) via Arbitrary File Write In Document API

The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with controlled contents to an arbitrary location on the underlying file system. This can be used to facilitate RCE. An account with ‘read’ and ‘writ...

CVE-2025-23360

NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering...

CVE-2025-23360

NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering...

CVE-2025-23360

NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering...

CVE-2025-23360

NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering...

rsync: --safe-links option bypass leads to path traversal

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the...

Fortinet FortiWeb Directory Traversal Arbitrary File Write (FG-IR-24-439)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-439 advisory. - A improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiWeb versions 7.0.0 through...

CVE-2025-27519 Cognita Arbitrary File Write

Cognita is a RAG Retrieval Augmented Generation Framework for building modular, open source applications for production by TrueFoundry. A path traversal issue exists at /v1/internal/upload-to-local-directory which is enabled when the Local env variable is set to true, such as when Cognita is setu...

CVE-2025-27519 Cognita Arbitrary File Write

Cognita is a RAG Retrieval Augmented Generation Framework for building modular, open source applications for production by TrueFoundry. A path traversal issue exists at /v1/internal/upload-to-local-directory which is enabled when the Local env variable is set to true, such as when Cognita is setu...

Linux Distros Unpatched Vulnerability : CVE-2021-39134

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - @npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarante...

Linux Distros Unpatched Vulnerability : CVE-2023-35936

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior...

Linux Distros Unpatched Vulnerability : CVE-2023-38745

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the...