2678 matches found
CVE-2025-40908 YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified
YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified...
CVE-2025-40908
CVE-2025-40908 affects perl-YAML-LibYAML; versions before 0.903.0 are vulnerable due to a 2-argument open that can modify existing files. The issue is confirmed in multiple sources; impact is described as high for confidentiality and integrity with critical severity (CVSS 3.1: 9.1). A fixed versi...
CVE-2025-40908
YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified...
libyaml security vulnerability
libyaml is a codec library for YAML from the YAML community. A security vulnerability exists in versions of libyaml prior to 0.903.0, which stems from the use of the parameter open that may result in modification of existing files...
PT-2025-23428
Name of the Vulnerable Software and Affected Versions: YAML-LibYAML versions prior to 0.903.0. Description: YAML-LibYAML uses a two-argument open function when parsing YAML files, which allows an attacker to modify existing files on the system. This flaw allows a local attacker to provide a crafted...
Infoblox NIOS Privilege Escalation (000010393)
The version of Infoblox NIOS installed on the remote host is affected by an erroneous access control issue that allows authenticated users to modify and delete system files without proper authorization. Note that Nessus has not tested for this issue but has instead relied only on the application's...
CVE-2024-39916
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the...
CVE-2024-44258
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files...
CVE-2024-44252
A logic issue was addressed with improved file handling. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files...
CVE-2023-50327
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109...
CVE-2023-32071
XWiki Platform is a generic wiki platform. Starting in versions 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it's possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. This has...
CVE-2023-1509
The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmacemanagerserver function called via the wpajaxgmacemanager AJAX action. This makes it possible for unauthenticated attackers to...
CVE-2023-27133
TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILESX86%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remot...
CVE-2023-42819
JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the 'Job-Template' menu and create a playbook named 'test'. Get the playbook id from the detail page, like 'e0adabef-c38f-492d-bd92-832bacc3df5f'. An attacker ca...
CVE-2023-24059
Grand Theft Auto V for PC allows attackers to achieve partial remote code execution or modify files on a PC, as exploited in the wild in January 2023...
CVE-2022-23453
Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files...
CVE-2022-4031
The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter, which does not properly restrict files to be edited in the context of the plugin. This makes it possible for attackers with high-level permissions...
CVE-2022-27152
Roku devices running RokuOS v9.4.0 build 4200 or earlier that use a Realtek WiFi chip are vulnerable to arbitrary file modification...
CVE-2021-25155
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below...