
2678 matches found

CVE
added 2025/04/23 5:18 a.m. · 59 views

CVE-2025-1056

CVE-2025-1056 affects Axis Camera Station Pro. A non-admin user can modify a specific file used by the server to create files or alter content in an admin-protected location. Axis has released a patched version; see Axis security advisory for details and remediation steps. The connected Red Hat, ...

CVSS 6.5 · AI score 6.8 · EPSS 0.00196
Exploits: 0 · References: 1 · Affected Software: 1
BDU FSTEC
added 2025/04/23 12:0 a.m. · 7 views

The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence Platform allows a hacker to modify arbitrary files and cause service interruptions.

The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence Platform is related to errors in inherited permissions. Exploiting this vulnerability could allow attackers to modify arbitrary files and cause service failures...

CVSS 6.6 · AI score 5.6 · EPSS 0.00126
Exploits: 0 · References: 3
CNNVD
added 2025/04/23 12:0 a.m. · 1 views

AXIS Camera Station Pro Security Vulnerability

AXIS Camera Station Pro is a powerful and flexible video management and access control from Axis Sweden. AXIS Camera Station Pro has a security vulnerability that originates from the possibility that a non-administrative user could modify specific files, resulting in the creation or alteration of...

CVSS 6.1 · AI score 6.7 · EPSS 0.00196
Exploits: 0 · References: 1
Positive Technologies
added 2025/04/23 12:0 a.m. · 4 views

PT-2025-17600 · Axis · Axis Camera Station Pro

Name of the Vulnerable Software and Affected Versions: AXIS Camera Station Pro, affected versions not specified
Description: A non-admin user can modify a specific file used by the server to create files or change the content of files in an admin-protected location. The issue was identified by...

CVSS 6.1 · AI score 6.1 · EPSS 0.00196
Exploits: 0 · References: 7
NVD
added 2025/04/08 4:15 p.m. · 10 views

CVE-2025-32018

Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either directly by the us...

CVSS 8 · EPSS 0.00321
Exploits: 0 · References: 1
CVE
added 2025/04/08 3:49 p.m. · 70 views

CVE-2025-32018

Cursor is an AI code editor. Versions 0.45.0–0.48.6 contain a regression that broadens the Cursor Agent’s file-modification permissions, allowing, under deliberate prompting (user or crafted context), automatic writes to files outside the opened workspace. The vulnerability can manifest when the ag...

CVSS 8 · AI score 7.1 · EPSS 0.00321
Exploits: 0 · References: 1
RedhatCVE
added 2025/04/02 11:50 p.m. · 6 views

CVE-2025-31187

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to modify protected parts of the file system...

CVSS 5.5 · AI score 5.8 · EPSS 0.00233
Exploits: 0 · References: 1
Amazon
added 2025/04/01 12:0 a.m. · 4 views

Medium: ansible-core

Issue Overview: A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the user module against the unprivileged user's home director...

CVSS 6.3 · AI score 6.7 · EPSS 0.00222
Exploits: 0
Amazon
added 2025/04/01 12:0 a.m. · 2 views

Medium: ansible-core

Issue Overview: A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the user module against the unprivileged user's home director...

CVSS 6.3 · AI score 7.5 · EPSS 0.00222
Exploits: 0
Snyk
added 2025/03/31 12:30 a.m. · 1 views

Relative Path Traversal

Overview: Affected versions of this package are vulnerable to Relative Path Traversal through the rendermav function. An attacker can access or modify files on the server by manipulating the input to traverse outside the intended directory structure.
Remediation: Upgrade org.noear:solon-view-beetl ...

CVSS 5.3 · AI score 4.9 · EPSS 0.00396
Exploits: 0 · References: 2
Github Security Blog
added 2025/03/28 2:45 p.m. · 10 views

github.com/jaredallard/archives Has Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Impact: A malicious user could feed a specially crafted archive to this library causing RCE, modification of files or other bad things in the context of whatever user is running this library as, through the program that imports it. The severity highly depends on the user's permissions and...

CVSS 6 · AI score 6.9 · EPSS 0.00315
Exploits: 0 · References: 4 · Affected Software: 1
NVD
added 2025/03/28 9:15 a.m. · 5 views

CVE-2025-27726

Improper limitation of a pathname to a restricted directory 'Path Traversal' issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered by a...

CVSS 2.1 · EPSS 0.00244
Exploits: 0 · References: 2
Imperva Blog
added 2025/03/20 7:27 a.m. · 22 views

Imperva Protects Against Apache Tomcat Deserialization Vulnerability

Overview: A newly disclosed vulnerability, CVE-2025-24813, affecting Apache Tomcat, has been identified as a high-risk path equivalence vulnerability that allows attackers to manipulate filenames with internal dots (.) under specific conditions, leading to unauthorized file access, modification, and...

CVSS 9.8 · AI score 7.8 · EPSS 0.99945
Exploits: 46
BDU FSTEC
added 2025/03/18 12:0 a.m. · 5 views

The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation, related to the use of files and directories accessible to external parties, allows a perpetrator to delete or modify any files they desire.

The vulnerability of the software environment for simulation modeling of systems and processes in Siemens Tecnomatix Plant Simulation lies in the use of files and directories accessible to external parties. Exploiting this vulnerability could allow attackers to delete or modify any arbitrary file...

CVSS 6.8 · AI score 5.6 · EPSS 0.00142
Exploits: 0 · References: 2 · Affected Software: 1
BDU FSTEC
added 2025/03/18 12:0 a.m. · 4 views

The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation, related to the use of files and directories accessible to external parties, allows a perpetrator to delete or modify any files they desire.

The vulnerability of the software environment for simulation modeling of systems and processes in Siemens Tecnomatix Plant Simulation lies in the use of files and directories accessible to external parties. Exploiting this vulnerability could allow attackers to delete or modify any arbitrary file...

CVSS 6.2 · AI score 5.6 · EPSS 0.00151
Exploits: 0 · References: 2 · Affected Software: 1
Tenable Nessus
added 2025/03/04 12:0 a.m. · 12 views

Linux Distros Unpatched Vulnerability : CVE-2018-20482

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service infinite read...

CVSS 4.7 · AI score 6.1 · EPSS 0.00526
Exploits: 1 · References: 2
Vulnrichment
added 2025/02/19 4:46 p.m. · 7 views

CVE-2025-24965 .krun_config.json symlink attack creates or overwrites file on the host in crun

crun is an open source OCI Container Runtime fully written in C. In affected versions a malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current...

CVSS 8.5 · AI score 7 · EPSS 0.00521
Exploits: 0 · References: 3
RedhatCVE
added 2025/02/13 7:9 p.m. · 9 views

CVE-2025-24406

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this...

CVSS 7.5 · AI score 6.1 · EPSS 0.01278
Exploits: 0 · References: 3
Github Security Blog
added 2025/02/11 6:31 p.m. · 17 views

Adobe Commerce Path Traversal

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this...

CVSS 7.5 · AI score 6 · EPSS 0.01278
Exploits: 0 · References: 3 · Affected Software: 2
OSV
added 2025/02/11 6:31 p.m. · 7 views

GHSA-954P-FF72-327W Adobe Commerce Path Traversal

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this...

CVSS 7.5 · AI score 6 · EPSS 0.01278
Exploits: 0 · References: 3