
7217 matches found

NVD
added 2025/02/25 8:15 p.m., 45 views

CVE-2025-27142

LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Prior to version 1.17.0, due to the missing sanitization of the path in the POST /api/localsend/v2/prepare-upload and th...

CVSS 8.8, EPSS 0.00514
Exploits: 0, References: 2

Tenable Nessus
added 2025/02/24 12:00 a.m., 49 views

ClickHouse < 19.14.3

The version of ClickHouse installed on the remote host is prior to 19.14.3. It is, therefore, affected by an arbitrary file write vulnerability. In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the...

CVSS 6.5, AI score 6.8, EPSS 0.00949
Exploits: 0, References: 2

RedhatCVE
added 2025/02/23 1:28 a.m., 13 views

CVE-2024-38657

External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files...

CVSS 9.1, AI score 6.9, EPSS 0.01259
Exploits: 0

RedhatCVE
added 2025/02/23 12:21 a.m., 7 views

CVE-2025-25765

MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do...

CVSS 4, AI score 7.5, EPSS 0.00179
Exploits: 1, References: 1

NVD
added 2025/02/21 6:16 p.m., 8 views

CVE-2025-25765

MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do...

CVSS 4, EPSS 0.00179
Exploits: 1, References: 1

OSV
added 2025/02/21 6:16 p.m., 4 views

CVE-2025-25765

MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do...

CVSS 4, AI score 7.7
Exploits: 0, References: 1

OSV
added 2025/02/21 2:15 a.m., 2 views

CVE-2024-38657

External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files...

CVSS 4.9, AI score 5.9, EPSS 0.01259
Exploits: 0, References: 1

Cvelist
added 2025/02/21 1:25 a.m., 13 views

CVE-2024-38657

External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files...

CVSS 9.1, EPSS 0.01259
Exploits: 0, References: 1

CVE
added 2025/02/21 12:00 a.m., 83 views

CVE-2025-25765

CVE-2025-25765 affects MRCMS v3.1.2, with a vulnerability in the /file/save.do component that permits arbitrary file write. Descriptions collected across multiple feeds consistently name the affected product and the vulnerable endpoint, indicating an impact on the ability to write files locally. ...

CVSS 4, AI score 7.2, EPSS 0.00179
Exploits: 1, References: 1, Affected Software: 1

Vulnrichment
added 2025/02/21 12:00 a.m., 7 views

CVE-2025-25765

MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do...

AI score 4.6, EPSS 0.00179
Exploits: 1, References: 1

Cvelist
added 2025/02/21 12:00 a.m., 11 views

CVE-2025-25765

MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do...

EPSS 0.00179
Exploits: 1, References: 1

OSV
added 2025/02/20 4:15 a.m., 2 views

CVE-2024-49780

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences /../ in the file name parameter used in...

CVSS 6.5, AI score 5.9, EPSS 0.00512
Exploits: 0, References: 1

OSV
added 2025/02/19 5:15 p.m., 4 views

UBUNTU-CVE-2025-24965

crun is an open source OCI Container Runtime fully written in C. In affected versions, a malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current...

CVSS 8.5, AI score 5.8, EPSS 0.00521
Exploits: 0, References: 6

Hacker One
added 2025/02/15 12:46 p.m., 5 views

Mozilla: Mozilla VPN Clients: RCE via file write and path traversal

The report describes a path traversal vulnerability in the Mozilla VPN client software that allowed for remote code execution. The vulnerability was found in the "livereload" command of the client's inspector feature, which could be accessed when the client was in developer mode with "Use Staging...

AI score 8.1
Exploits: 0

RedhatCVE
added 2025/02/15 12:28 a.m., 4 views

CVE-2023-34402

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside the file another file is encapsulated, which the service will drop during processing. Due to missed checks, an attacker can achieve Arbitrary File Write with service speech rights...

CVSS 7.7, AI score 6.8, EPSS 0.0021
Exploits: 0, References: 3

Snyk
added 2025/02/14 5:41 p.m., 1 view

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the download function due to improper input validation when processing image references during task exports. An attacker can access files outside the intended directory structure by creating tasks with path...

CVSS 8.7, AI score 7.7, EPSS 0.00708
Exploits: 0, References: 2

OSV
added 2025/02/13 11:15 p.m., 4 views

CVE-2023-34402

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside the file another file is encapsulated, which the service will drop during processing. Due to missed checks, an attacker can achieve Arbitrary File Write with service speech rights...

CVSS 7.7, AI score 5.8, EPSS 0.0021
Exploits: 0, References: 1

NVD
added 2025/02/13 11:15 p.m., 13 views

CVE-2023-34402

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside the file another file is encapsulated, which the service will drop during processing. Due to missed checks, an attacker can achieve Arbitrary File Write with service speech rights...

CVSS 7.7, EPSS 0.0021
Exploits: 0, References: 1

Cvelist
added 2025/02/13 6:25 a.m., 8 views

CVE-2024-47265

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files via unspecified vector...

CVSS 6.5, EPSS 0.00365
Exploits: 0, References: 1

CNNVD
added 2025/02/13 12:00 a.m., 2 views

Mercedes-Benz NTG security vulnerability

Mercedes-Benz NTG is an automobile from Mercedes-Benz Germany. A security vulnerability exists in Mercedes-Benz NTG 6 that stems from insufficient file checking when importing or exporting profile settings via USB. An attacker could exploit the vulnerability to write arbitrary files...

CVSS 7.7, AI score 7.7, EPSS 0.0021
Exploits: 0, References: 1