CVE-2020-7119

A vulnerability exists in the Aruba Analytics and Location Engine ALE web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user...

CVE-2025-40592

A vulnerability has been identified in Mendix Studio Pro 10 All versions V10.23.0, Mendix Studio Pro 10.12 All versions V10.12.17, Mendix Studio Pro 10.18 All versions V10.18.7, Mendix Studio Pro 10.6 All versions V10.6.24, Mendix Studio Pro 11 All versions V11.0.0, Mendix Studio Pro 8 All versio...

CVE-1999-0959

IRIX startmidi program allows local users to modify arbitrary files via a symlink attack...

CVE-1999-0702

Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability...

CVE-1999-0765

SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor...

CVE-1999-0761

Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program...

CVE-2025-1056

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location. Axis has released a patched version...

PT-2026-28510

Name of the Vulnerable Software and Affected Versions Incus versions prior to 6.23.0 Description Incus, a system container and virtual machine manager, has an issue in its API for retrieving VM screenshots. This API uses a temporary file for QEMU to write the screenshot to, which is then sent to...

CVE-2025-15065 Data Exposure in Kings Information & Network KESS Enterprise

Exposure of Sensitive Information to an Unauthorized Actor, Missing Encryption of Sensitive Data, Files or Directories Accessible to External Parties vulnerability in Kings Information & Network Co. KESS Enterprise on Windows allows Privilege Escalation, Modify Existing Service, Modify Shared...

CVE-2018-25144 Microhard Systems IPn4G 1.1.0 Arbitrary File Access via Undocumented System Editor

Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform...

CVE-2025-62002

BullWall Ransomware Containment relies on the number of file modifications to trigger detection. An authenticated attacker could encrypt a single large file without triggering a detection alert. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other versions before a...

CVE-2025-62002

BullWall Ransomware Containment considers the number of files modified to trigger detection. An authenticated attacker could encrypt a single possibly large file without triggering detection if thresholds are configured to require multiple file changes. The number of files to trigger detection ca...

BullWall Ransomware Containment 安全漏洞

BullWall Ransomware Containment is a ransomware protection software from BullWall Denmark. A security vulnerability exists in BullWall Ransomware Containment versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 that stems from a dependency on the number of file modifications to trigger detection, whic...

EUVD-2025-202292

An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to authenticated users to modify PHP configuration files via the a parameter to the index.php endpoint...

CVE-2025-63739

Xinhu Rainrock RockOA 2.7.0 is affected by CVE-2025-63739 due to a flaw in phpinisaveAction() in webmain/system/cogini/coginiAction.php. An authenticated user can use the a parameter on index.php to modify PHP configuration files. The vulnerability affects the cited version; Red Hat and other sou...

Plugin Alliance Aquarius Desktop 安全漏洞

Plugin Alliance Aquarius Desktop is an audio plugin management software from Plugin Alliance, Inc. A security vulnerability exists in Plugin Alliance Aquarius Desktop version 3.0.069, which stems from the Supported Data Archiving feature not properly handling symbolic links, which could lead to...

CVE-2025-65843

Aquarius Desktop 3.0.069 for macOS contains an insecure file handling vulnerability in its support data archive generation feature. The application follows symbolic links placed inside the /Library/Logs/Aquarius directory and treats them as regular files. When building the support ZIP, Aquarius...

GHSA-MJ73-J457-8X9Q maxminddb's `Reader::open_mmap` unsoundly marks unsafe memmap operation as safe

maxminddb prior to version 0.27 declared Reader::openmmap as safe despite wrapping an inherently unsafe memmap2 operation with no extra step done to guarantee safety. This could have led to undefined behaviour if the file were to be modified on disk while the memory map was still active...

CVE-2025-66265 Insecure permissions in configuration directory (C:\\usr)

CMService.exe creates the C:\usr directory and subdirectories with insecure permissions, granting write access to all authenticated users. This allows attackers to replace configuration files such as snmp.conf or hijack DLLs to escalate privileges...

JLSEC-2025-236 An improper link resolution flaw can occur while extracting an archive leading to changing modes, ti...

An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. ...