7249 matches found
GHSA-389R-RCCM-H3H5 eml_parser: Path Traversal in Official Example Script Leads to Arbitrary File Write
Summary The official example script examples/recursivelyextractattachments.py contains a path traversal vulnerability that allows arbitrary file write outside the intended output directory. Attachment filenames extracted from parsed emails are directly used to construct output file paths without...
eml_parser: Path Traversal in Official Example Script Leads to Arbitrary File Write
Summary The official example script examples/recursivelyextractattachments.py contains a path traversal vulnerability that allows arbitrary file write outside the intended output directory. Attachment filenames extracted from parsed emails are directly used to construct output file paths without...
OpenClaw 安全漏洞
OpenClaw is a tool for installing skills, plugins and hooks. OpenClaw suffers from a path traversal vulnerability. An attacker can exploit this vulnerability to achieve persistence or code execution by constructing a malicious archive file that writes to an arbitrary location file...
PT-2026-23443
Name of the Vulnerable Software and Affected Versions eml parser versions prior to 2.0.1 Description The eml parser module, used for parsing eml files, contains a path traversal issue in the example script examples/recursively extract attachments.py. This allows for arbitrary file write outside t...
PT-2026-23410
Name of the Vulnerable Software and Affected Versions SeppMail versions prior to 15.0.2.1 Description The User Web Interface contains a flaw in the large file transfer LFT feature. This allows arbitrary file write via path traversal upload, which can lead to remote code execution. Path traversal ...
BentoML < 1.4.36 Arbitrary File Write
The version of the BentoML library installed on the remote host is prior to 1.4.36. It is, therefore, affected by an arbitrary file write vulnerability: - The safeextracttarfile function validates that each tar member's path is within the destination directory, but for symlink members it only...
Unity Linux 20.1060e / 20.1070e Security Update: atril (UTSA-2026-005397)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005397 advisory. Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in...
Directory Traversal
Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Directory Traversal via the restorebackup function. An attacker can overwrite arbitrary files outside the intended extraction directory by uploading a specially...
EUVD-2026-9456
A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center FMC Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating...
CVE-2026-20018
A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center FMC Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating...
CVE-2026-20018 Cisco Firepower Management Center Software and Firepower Threat Defense Path Traversal Vulnerability
A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center FMC Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating...
CVE-2026-20018 Cisco Firepower Management Center Software and Firepower Threat Defense Path Traversal Vulnerability
A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center FMC Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating...
Cisco Secure Firewall Management Center and Secure Firewall Threat Defense Software Path Traversal Vulnerability
A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center FMC Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating...
CVE-2025-70341
Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files...
CVE-2025-63909
Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files...
CVE-2025-70341
Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files...
CVE-2025-70341
Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files...
Cisco Secure Firewall Management Center和Cisco Secure Firewall Threat Defense 安全漏洞
Cisco Secure Firewall Management Center and Cisco Secure Firewall Threat Defense are products of Cisco, a company based in the United States. Cisco Secure Firewall Management Center is a powerful network security management tool. Cisco Secure Firewall Threat Defense is an integrated firewall...
PT-2026-23015
A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center FMC Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating...
CVE-2026-27905
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safeextracttarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path,...