CVE-2024-57189

In Erxes 1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler...

CVE-2025-31359

A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 55879. This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : Setuptools vulnerability (USN-7544-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7544-1 advisory. It was discovered that setuptools did not properly sanitize paths. An attacker could...

CVE-2024-47903

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber All versions V8.2.12, InterMesh 7707 Fire Subscriber All versions V7.2.12 only if the IP interface is enabled which is not the default configuration. The web server of affected devices allows to write arbitrary files to t...

CVE-2024-49366

Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier gets the value from the json field without verification, and can construct a value value in the form of ../../. Arbitrary files can be written to the server, which may result in loss of permissions...

CVE-2024-20804

Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file...

CVE-2024-34597

Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. User interaction is required for triggering this vulnerability...

CVE-2024-27876

A race condition was addressed with improved locking. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files...

CVE-2024-20870

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store...

CVE-2024-54724

PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion...

CVE-2024-47151

Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution...

CVE-2024-55947

Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1...

CVE-2024-20853

Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of ThemeStore...

CVE-2024-51990

jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause jj to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from...

CVE-2023-23424

Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution...

CVE-2023-23426

Some Honor products are affected by file writing vulnerability, successful exploitation could cause information disclosure...

CVE-2023-35081

A path traversal vulnerability in Ivanti EPMM versions 11.10.x 11.10.0.3, 11.9.x 11.9.1.2 and 11.8.x 11.8.1.2 allows an authenticated administrator to write arbitrary files onto the appliance...

CVE-2023-3941

Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others with the ZAM170-NF-1.8.25-7354-Ver1.0.0...

CVE-2023-30723

Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011 allows attackers to write arbitrary file with Samsung Health privilege...

CVE-2023-50731

MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which...