CVE-2025-6806 Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability

Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw...

CVE-2025-6801

Summary: CVE-2025-6801 affects Marvell QConvergeConsole. A flaw in the implementation of the saveNICParamsToFile method fails to validate a user-supplied path before performing file I/O, enabling an unauthenticated, network‑remote attacker to write arbitrary files with SYSTEM privileges. This pat...

File Write Vulnerability in ModStartCMS of Xi'an Yan Yan Information Technology Co.

ModStartCMS is a modular content management system based on the Laravel framework. A file write vulnerability exists in ModStartCMS, which can be exploited by attackers to gain server privileges...

CVE-2025-5981

Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images...

CVE-2025-5740

CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause arbitrary file writes when an authenticated user on the web server manipulates file path...

Synology Router Manager (SRM) 1.3.x File Write Vulnerability (Synology-SA-25:07)

Synology Router Manager SRM is prone to a file write vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2025-20259 Cisco ThousandEyes Endpoint Agent for Windows Arbitrary File Write Vulnerability

Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device. These vulnerabilities are due to improper access controls on files that are in the local file system. An...

CVE-2024-21870

A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...

CVE-2024-22178

A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigg...

CVE-2024-31462

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method Backup/Restore tab in modules/uiextensions.py takes user input into the configsavenam...

CVE-2024-22204

Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...

CVE-2023-32615

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...

CVE-2022-28964

An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 build 21.11.6809.528 allows attackers to cause a Denial of Service DoS via a crafted DLL file...

CVE-2022-36894

An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfbf and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content...

CVE-2021-45420

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to...

CVE-2021-22114

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

CVE-2021-21983

Arbitrary file write vulnerability in vRealize Operations Manager API CVE-2021-21983 prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system...

CVE-2021-1807

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4. A local user may be able to write arbitrary files...

CVE-2021-21968

A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

CVE-2020-25289

The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory which has weak permissions...