970 matches found

Cvelist
added 2025/06/04 7:23 a.m. | 10 views

CVE-2025-47724 Out-of-bounds Write in CNCSoft

Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...

CVSS: 7.3 | EPSS: 0.00202
Exploits: 0 | References: 1

Positive Technologies
added 2025/06/04 12:0 a.m. | 7 views

PT-2025-23776 · Delta Electronics · Cncsoft

Name of the Vulnerable Software and Affected Versions: Delta Electronics CNCSoft (affected versions not specified). Description: The issue is related to a lack of proper validation of user-supplied files in Delta Electronics CNCSoft. If a user opens a malicious file, an attacker can execute code in...

CVSS: 7.3 | AI score: 6.2 | EPSS: 0.00202
Exploits: 0 | References: 6

Positive Technologies
added 2025/06/04 12:0 a.m. | 3 views

PT-2025-23784

Name of the Vulnerable Software and Affected Versions: Delta Electronics CNCSoft-G2 (affected versions not specified). Description: The issue is related to a lack of proper validation of user-supplied files in Delta Electronics CNCSoft-G2. If a user opens a malicious file, an attacker can execute code...

CVSS: 7.3 | AI score: 7.2 | EPSS: 0.00361
Exploits: 0 | References: 10

RedhatCVE
added 2025/05/30 1:54 p.m. | 11 views

CVE-2025-4134

Lack of file validation in doupdatevps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write...

CVSS: 7.3 | AI score: 6.7 | EPSS: 0.00177
Exploits: 0 | References: 1

NVD
added 2025/05/28 2:15 p.m. | 13 views

CVE-2025-4134

Lack of file validation in doupdatevps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write...

CVSS: 7.3 | EPSS: 0.00177
Exploits: 0 | References: 1

Vulnrichment
added 2025/05/28 1:53 p.m. | 10 views

CVE-2025-4134 Lack of file validation in Avast Business Antivirus for Linux allows writing untrusted update files

Lack of file validation in doupdatevps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write...

CVSS: 7.3 | AI score: 6.7 | EPSS: 0.00177
Exploits: 0 | References: 1

Cvelist
added 2025/05/28 1:53 p.m. | 18 views

CVE-2025-4134 Lack of file validation in Avast Business Antivirus for Linux allows writing untrusted update files

Lack of file validation in doupdatevps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write...

CVSS: 7.3 | EPSS: 0.00177
Exploits: 0 | References: 1

CVE
added 2025/05/28 1:53 p.m. | 59 views

CVE-2025-4134

Avast Business Antivirus for Linux 4.5 contains a vulnerability in the do_update_vps function that lacks proper file validation, allowing a local user to spoof or tamper with update files via an unverified file write. This is a local-privilege issue with potential impact on update integrity. A pa...

CVSS: 7.3 | AI score: 7 | EPSS: 0.00177
Exploits: 0 | References: 1

Positive Technologies
added 2025/05/28 12:0 a.m. | 5 views

PT-2025-23086 · Avast · Avast Business Antivirus For Linux

Name of the Vulnerable Software and Affected Versions: Avast Business Antivirus for Linux version 4.5. Description: The issue is related to a lack of file validation in the do update vps function, allowing a local user to potentially spoof or tamper with update files through unverified file writes...

CVSS: 7.3 | AI score: 6.2 | EPSS: 0.00177
Exploits: 0 | References: 7

CNNVD
added 2025/05/28 12:0 a.m. | 2 views

Avast Business Antivirus security vulnerability

Avast Business Antivirus is a commercial network antivirus from Avast. A security vulnerability exists in Avast Business Antivirus version 4.5, which stems from insufficient file validation and could lead to tampering of update files...

CVSS: 7.3 | AI score: 6.6 | EPSS: 0.00177
Exploits: 0 | References: 2

Tenable Nessus
added 2025/05/27 12:0 a.m. | 50 views

ABB M2M Gateway Arbitrary File Write in embedded Rsync (CVE-2022-29154)

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A...

CVSS: 7.4 | AI score: 7.1 | EPSS: 0.0165
Exploits: 1 | References: 7

RedhatCVE
added 2025/05/26 4:7 a.m. | 17 views

CVE-2025-4603

The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletefile function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to delete arbitrary files...

CVSS: 9.1 | AI score: 8.1 | EPSS: 0.01149
Exploits: 2 | References: 1

Positive Technologies
added 2025/05/24 12:0 a.m. | 8 views

PT-2025-22838

Name of the Vulnerable Software and Affected Versions: eMagicOne Store Manager for WooCommerce plugin for WordPress versions 1.2.5 and earlier. Description: The issue arises from missing file type validation in the set image function, allowing unauthenticated attackers to upload arbitrary files on t...

CVSS: 9.8 | AI score: 6.3 | EPSS: 0.01129
Exploits: 2 | References: 16

RedhatCVE
added 2025/05/23 10:33 a.m. | 2 views

CVE-2024-7863

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary files such as PHP on the server...

CVSS: 8.1 | AI score: 7.1 | EPSS: 0.00275
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 9:38 a.m. | 5 views

CVE-2024-27447

pretix before 2024.1.1 mishandles file validation...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.00816
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:56 a.m. | 6 views

CVE-2024-44148

This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox...

CVSS: 10 | AI score: 5.9 | EPSS: 0.00678
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:49 a.m. | 9 views

CVE-2024-20296

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected...

CVSS: 7.2 | AI score: 7.6 | EPSS: 0.00471
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:38 a.m. | 8 views

CVE-2024-4359

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.7.2 via the SVG widget and a lack of sufficient file validation in the rendersvg function...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00507
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:30 a.m. | 8 views

CVE-2024-48646

An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0, which allows authorized users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files, such as HTML, scripts, or other executable content, that may be executed on the...

CVSS: 8.1 | AI score: 6.8 | EPSS: 0.00525
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/23 7:20 a.m. | 5 views

CVE-2024-3112

The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate uploaded image files, allowing high-privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example, in a multisite setup)...

CVSS: 4.9 | AI score: 6.8 | EPSS: 0.00414
Exploits: 1 | References: 1