705 matches found
ApostropheCMS Path Traversal Vulnerability
ApostropheCMS is an open-source full-stack content management system by Apostrophe Technologies. Versions of ApostropheCMS prior to 3.5.3 had a path traversal vulnerability. This vulnerability stemmed from unparsed sections of path connections, which could lead to arbitrary file writing...
vaadin Security Vulnerability
Vaadin is an open-source platform for web application development developed by Vaadin contributors. The Vaadin platform includes a set of web components, a Java web framework, as well as a set of tools and application starters. Vulnerabilities exist in Vaadin versions 14.14.0 and earlier, 23.6.6...
OESA-2026-1488 hsqldb security update
HSQLdb is a relational database engine written in Java™, with a JDBC driver, supporting a subset of ANSI-92 SQL. It offers a small (about 100k), fast database engine which offers both in memory and disk based tables. Embedded and server modes are available. Additionally, it includes tools such as...
HP System Event Utility Security Vulnerability
HP System Event Utility is a system application developed by Hewlett-Packard (HP) in the United States, designed to deliver official notifications to systems. There is a security vulnerability in HP System Event Utility, which may lead to denial-of-service attacks and allow for arbitrary file writi...
Google Web Designer Security Vulnerability
Google Web Designer is a professional HTML5 advertising and web content creation tool developed by Google Inc. It supports both visual design and code editing. Google Web Designer has a security vulnerability, which stems from the Zip Slip vulnerability. This vulnerability may lead to arbitrary...
External Control of File Name or Path
Overview: Affected versions of this package are vulnerable to External Control of File Name or Path via the music/playlists/update API endpoint. An attacker can execute arbitrary code by bypassing file extension enforcement and writing malicious files to arbitrary locations on the filesystem, such...
PT-2026-21309
delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind...
MarkUs Security Vulnerability
MarkUs is an open-source Ruby on Rails and React web application used for submitting and grading student assignments. Versions of MarkUs prior to 2.9.1 contained a security vulnerability due to insufficient file path checking, which could allow arbitrary file writing...
Microsoft Semantic Kernel Path Traversal Vulnerability
Microsoft Semantic Kernel is a large-scale model orchestration framework developed by Microsoft Corporation. Versions of Microsoft Semantic Kernel prior to 1.70.0 contained a path traversal vulnerability, which was caused by an arbitrary file writing vulnerability in the SessionsPythonPlugin...
CVE-2019-18212
XMLLanguageService.java in XML Language Server aka lsp4xml before 0.9.1, as used in Red Hat XML Language Support aka vscode-xml before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal...
CVE-1999-0322
The open function in FreeBSD allows local attackers to write to arbitrary files...
CVE-2025-1712
Argument injection in special agent configuration in Checkmk 2.4.0p1, 2.3.0p32, 2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files...
EUVD-2025-205592
Picklescan vulnerable to Arbitrary File Writing...
Barracuda Service Center Security Vulnerability
Barracuda Service Center is a service center software from Barracuda USA. A security vulnerability exists in Barracuda Service Center versions prior to 2025.1.1 that originates from a URL defined in a WSDL under the control of an unauthenticated attacker, which could lead to arbitrary file writin...
USN-7904-1: Ghostscript vulnerabilities
Piotr Kajda discovered that Ghostscript incorrectly handled writing certain files. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service...
PT-2025-44198
Name of the Vulnerable Software and Affected Versions: BLU-IC2 versions through 1.19.5; BLU-IC4 versions through 1.19.5. Description: A flaw exists in the upgrade feature that could allow for arbitrary file writing, potentially leading to super user permissions on a device. Recommendations: BLU-IC2...
EUVD-2015-1337
Malware in sbrugna...
EUVD-2010-4125
Malware in sbrugna...
EUVD-2019-4213
Malware in sbrugna...
EUVD-2020-25964
Malware in sbrugna...