2678 matches found
CVE-2025-24406
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this...
CVE-2025-24406 Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this...
CVE-2025-24406
CVE-2025-24406 concerns Adobe Commerce; multiple historical releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) are affected by an improper pathname limitation vulnerability (Path Traversal). An unauthenticated attacker could bypass a security feature and modify files sto...
CVE-2022-4224
In multiple products of CODESYS v3 in multiple versions, a remote low-privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device...
CVE-2020-6293
SAP NetWeaver Knowledge Management, versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files, but the impact is limited to the files themselves and is restricted by other policies such as access...
CVE-2020-8473
Insufficient folder permissions used by system functions in ABB System 800xA Base version 6.1 and earlier allow low-privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploits the vulnerabilities could escalate his/her...
CVE-2020-35948
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...
CVE-2024-48645
In Minecraft mod "Command Block IDE" up to and including version 0.4.9, a missing authorization CWE-862 allows any user to modify "function" files used by the game when installed on a dedicated server...
CVE-2024-35209
A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V1.2. The affected web server is allowing HTTP methods like PUT and DELETE. This could allow an attacker to modify unauthorized files...
CVE-2025-0781
CVE-2025-0781 affects SimGear/FlightGear: a Nasal scripting sandbox bypass enables writing to arbitrary files the user can modify. Public advisories (Ubuntu USN-7965-1 and Fedora FEDORA-2025-725bba93b2, related Nessus entries) indicate remediation via updates; descriptions also note potential arb...
CVE-2025-24104
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4. Restoring a maliciously crafted backup file may lead to modification of protected system files...
CVE-2025-24104
CVE-2025-24104 concerns Apple platforms (iPadOS 17.7.4, iOS 18.3, iPadOS 18.3) where the backup restore process could incorrectly handle symlinks, allowing a malicious backup to point system file reads/writes and potentially modify protected system files. Apple’s advisories indicate the issue is ...
PT-2025-5282 · Apple · Ios +1
Name of the Vulnerable Software and Affected Versions: iPadOS versions prior to 17.7.4, iOS versions prior to 18.3, iPadOS versions prior to 18.3. Description: The issue is related to the handling of symlinks, which could allow an attacker to modify protected system files by restoring a maliciously...
Apple iOS and iPadOS Link Following Vulnerability
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A link following vulnerability exists in Apple iOS version 18.3 and iPadOS version 18.3, which stems from the fact that restorin...
CVE-2024-55930
Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files...
PT-2025-3158
Name of the Vulnerable Software and Affected Versions: Xerox Workplace Suite versions prior to 5.6.701.9. Description: The issue concerns weak default folder permissions in the software, allowing unauthorized users to access, modify, or delete files. There is no information provided about the...
CVE-2024-52783
Insecure permissions in the XNetSocketClient component of XINJE XDPPro.exe v3.2.2 to v3.7.17c allow attackers to execute arbitrary code via modification of the configuration file...