363 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-19960

Malicious code in bioql PyPI...

CVSS 5.5, AI score 6.6, EPSS 0.00196
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-20339

Malicious code in bioql PyPI...

CVSS 5.8, AI score 6.5, EPSS 0.00292
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-38306

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00638
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-52236

Malicious code in bioql PyPI...

CVSS 5.9, AI score 5.5, EPSS 0.00155
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-51756

Malicious code in bioql PyPI...

CVSS 5.3, AI score 9.2, EPSS 0.00385
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-47675

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.4, EPSS 0.00672
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-35788

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.6, EPSS 0.00989
Exploits: 1, References: 2

Vulnrichment
added 2025/09/02 12:46 a.m., 1 view

CVE-2025-58162 MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction

MobSF is a mobile application security testing tool. In version 4.4.0, an authenticated user who uploads a specially prepared one.a can write arbitrary files to any directory writable by the user of the MobSF process. This issue has been patched in version 4.4.1...

CVSS 6.5, AI score 6.3, EPSS 0.0056
Exploits: 1, References: 3

Tenable Nessus
added 2025/08/13 12:0 a.m., 6 views

SUSE SLED15 / SLES15 Security Update : python313 (SUSE-SU-2025:02767-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02767-1 advisory. - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets bsc1247249. -...

CVSS 7.5, AI score 6.7, EPSS 0.00586
Exploits: 1, References: 12

OSV
added 2025/08/11 1:53 p.m., 7 views

BIT-LIBPYTHON-2025-4517 Arbitrary writes via tarfile realpath overflow

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

CVSS 9.4, AI score 8, EPSS 0.01184
Exploits: 11, References: 13

OSV
added 2025/08/11 1:53 p.m., 5 views

BIT-LIBPYTHON-2025-4435 Tarfile extracts filtered members when errorlevel=0

When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped...

CVSS 7.5, AI score 7.1, EPSS 0.00474
Exploits: 1, References: 12

NVD
added 2025/08/08 12:15 p.m., 6 views

CVE-2025-8749

Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots MiR Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system via a crafted API request...

CVSS 6.5, EPSS 0.00365
Exploits: 0, References: 2

Cvelist
added 2025/08/08 11:46 a.m., 8 views

CVE-2025-8749 Path traversal vulnerability in MiR robot software via API requests

Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots MiR Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system via a crafted API request...

CVSS 6.5, EPSS 0.00365
Exploits: 0, References: 2

CVE
added 2025/08/08 11:46 a.m., 14 views

CVE-2025-8749

CVE-2025-8749 describes a path-traversal vulnerability in the API endpoint of Mobile Industrial Robots (MiR) software, affecting MiR software versions prior to 3.0.0. An authenticated user can trigger the flaw via a crafted API request to extract files from the robot file system. The CVSS vector ...

CVSS 6.5, AI score 6.1, EPSS 0.00365
Exploits: 0, References: 2

Vulnrichment
added 2025/08/08 11:46 a.m., 4 views

CVE-2025-8749 Path traversal vulnerability in MiR robot software via API requests

Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots MiR Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system via a crafted API request...

CVSS 6.5, AI score 6, EPSS 0.00365
Exploits: 0, References: 2

CNNVD
added 2025/08/08 12:0 a.m., 2 views

Mobile Industrial Robots MiR Robots security vulnerability

Mobile Industrial Robots MiR Robots is an autonomous mobile robot from Mobile Industrial Robots, Denmark. A security vulnerability exists in Mobile Industrial Robots MiR Robots versions prior to 3.0.0, which stems from a path traversal issue in the API endpoint that could lead to file extraction...

CVSS 6.5, AI score 6.6, EPSS 0.00365
Exploits: 0, References: 3

RedhatCVE
added 2025/07/13 12:39 a.m., 12 views

CVE-2025-45582

A relative path traversal flaw was found in the GNU tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’) option, the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to...

CVSS 5.6, AI score 6.2, EPSS 0.00433
Exploits: 1, References: 6

RedhatCVE
added 2025/07/10 11:22 a.m., 16 views

CVE-2025-40738

A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...

CVSS 8.8, AI score 7.6, EPSS 0.07166
Exploits: 0, References: 1

RedhatCVE
added 2025/07/10 1:30 a.m., 3 views

CVE-2025-42971

A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by SAPCAR on their system, resulting in out-of-bounds memory read and write. This could lead to file...

CVSS 4, AI score 7, EPSS 0.0014
Exploits: 0, References: 1

CVE
added 2025/07/08 10:34 a.m., 23 views

CVE-2025-40737

CVE-2025-40737 affects Siemens SINEC NMS versions prior to 4.0. The issue is a path traversal/ZIP extraction flaw where file paths are not properly validated, allowing an attacker to write arbitrary files to restricted locations and potentially achieve code execution with elevated privileges (ZDI...

CVSS 8.8, AI score 7.5, EPSS 0.07166
Exploits: 0, References: 1, Affected Software: 1