7147 matches found
GHSA-QQX8-2XMM-JRV8 ACME Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider
Summary The webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to write attacker-influenced content to any path writable by the lego...
GHSA-HF5P-Q87M-CRJ7 Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix
Summary A path traversal vulnerability in LocalFolderExtractor allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Example Given an extraction directory set to /tmp/extract, a crafted archive with an entry...
Directory Traversal
Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Directory Traversal in the repository boundary validation, due to reliance on string prefix checks for resolved absolute paths. An attacker...
CVE-2026-31843
The goodoneuz/pay-uz Laravel package = 2.2.24 contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any without authentication middleware, enabling remot...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the namespace parameter in the Ruler API endpoint after double URL encoding. An attacker can access arbitrary files by sending specially crafted requests. Details A Directory Traversal attack also known as path...
EUVD-2026-22925
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges...
CVE-2026-33929
A flaw was found in Apache PDFBox. A local user with writing rights to a specific directory could be exploited via a malicious PDF file when using the ExtractEmbeddedFiles example. This path traversal CWE-22 vulnerability, which allows an attacker to access files and directories outside of the...
CVE-2026-4135
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges...
CVE-2026-0827
During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated...
CVE-2026-4135
CVE-2026-4135 concerns Lenovo Software Fix. The description indicates that during installation, a local authenticated user could perform an arbitrary file write with elevated privileges, potentially impacting integrity and availability. Affected component is Lenovo Software Fix (no version detail...
CVE-2026-4135
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges...
CVE-2026-4135
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges...
CVE-2026-4135
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges...
CVE-2026-0827
CVE-2026-0827 concerns Lenovo Diagnostics and the HardwareScanAddin in Lenovo Vantage. The issue, discovered during internal testing, could allow a local authenticated user to perform arbitrary file writes with elevated privileges during installation or while running a hardware scan. The availabl...
CVE-2026-0827
During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated...
CVE-2026-0827
During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated...
CVE-2026-0827
During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated...
CVE-2026-40090
Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an arbitrary file write vulnerability in the zarf package inspect sbom and zarf package inspect documentation subcommands. These subcommands output file paths are constructed by joining a...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the zarf package inspect sbom and zarf package inspect documentation subcommands when the output file path is constructed using a user-controlled output directory combined with the untrusted Metadata.Name field...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the zarf package inspect sbom and zarf package inspect documentation subcommands when the output file path is constructed using a user-controlled output directory combined with the untrusted Metadata.Name field...