705 matches found
CVE-2024-48864 File Station 5
A files or directories accessible to external parties vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers to read/write files or directories. We have already fixed the vulnerability in the following versions: File Station 5...
CVE-2025-27142
LocalSend (before v1.17.0) has a path-traversal flaw in the file upload flow that allows writing files to arbitrary locations via the vulnerable endpoints, enabling remote command execution. The issue stems from missing path sanitization in the following endpoints: POST /api/localsend/v2/prepare-...
Advisory ROSA-SA-2025-2701
Software: gzip 1.9 OS: ROSA Virtualization 3.0 packageevrstring: gzip-1.9 CVE-ID: CVE-2022-1271 BDU-ID: 2022-02113 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gzip library is related to errors in file name handling. Exploitation of the vulnerability could allow an attacker acting remotely to...
IBM App Connect Enterprise Path Traversal Vulnerability
IBM App Connect Enterprise is an operating system from International Business Machines IBM, Inc. that combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud native IBM App Connect Enterprise combines existing industry-trusted IBM...
Ivanti Connect Secure 22.x < 22.7R2.4 Multiple Vulnerabilities
The Ivanti Connect Secure installed on the remote host is prior to 22.7R2.4. It is, therefore, affected by multiple vulnerabilities in the admin portal: - External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a...
CVE-2022-43594
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide multiple malicious inputs to trigger these...
CVE-2024-47265
CVE-2024-47265 is a path traversal vulnerability in Synology Active Backup for Business with improper limitation of a pathname to a restricted directory. Affects multiple pre-2.7.1-13234/2.7.1-23234/2.7.1-3234 builds where remote authenticated users can write specific files via unspecified vector...
CVE-2025-0851
A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations...
CVE-2025-0799
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories...
CVE-2022-36987
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server...
CVE-2022-39858
Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary files with FactoryCamera privilege...
CVE-2024-21575
ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the image.filename field in a POST request sent to the /upload/temp endpoint added by the extension to the server. This results in writing arbitrary files to the file system which may, under some...
CVE-2024-5827
Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...
CVE-2024-8885
A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writing of arbitrary files...
CVE-2025-0851 Path traversal issue in Deep Java Library
A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations...
CVE-2024-12087
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...
CVE-2024-54724
PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion...
CVE-2024-54724
CVE-2024-54724 affects PHPYun prior to 7.0.2. The documented vulnerability allows code execution through backdoor‑restricted arbitrary file writing and file inclusion. Public sources indicate a high‑severity impact (CVSS v3.1: 9.8, CRITICAL, network access, no privileges required, no user interac...