7261 matches found

Vulnrichment
added 2026/02/04 7:35 p.m. | 4 views

CVE-2026-24884 Compressing Vulnerable to Arbitrary File Write via Symlink Extraction

Compressing is a compressing and uncompressing lib for node. In version 2.0.0 and 1.10.3 and prior, Compressing extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an attacker can caus...

8.4 CVSS | 5.6 AI score | 0.00334 EPSS
Exploits 1 | References 3
CVE
added 2026/02/04 7:35 p.m. | 15 views

CVE-2026-24884

The CVE-2026-24884 vulnerability affects the npm package compressing (versions ≤ 1.10.3 and 2.0.0) where TAR extraction of symbolic links is performed without validating link targets. This can allow an attacker to cause subsequent archive entries to be written to arbitrary locations on the host f...

8.4 CVSS | 5.6 AI score | 0.00334 EPSS
Exploits 1 | References 3 | Affected Software 1
NVD
added 2026/02/04 6:16 p.m. | 5 views

CVE-2025-64712

The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partition_msg function allows an attacker to write or overwrite arbitra...

9.8 CVSS | 0.00616 EPSS
Exploits 0 | References 2
RedhatCVE
added 2026/02/04 6:9 p.m. | 5 views

CVE-2025-61731

A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...

8.6 CVSS | 5.3 AI score | 0.00359 EPSS
Exploits 0 | References 7
CVE
added 2026/02/04 5:34 p.m. | 18 views

CVE-2025-64712

CVE-2025-64712 affects the Unstructured library. Prior to version 0.18.18, a path traversal flaw in the partition_msg function enables writing or overwriting arbitrary files when processing malicious MSG attachments. The issue has been patched in version 0.18.18. Affected scope and impact are des...

9.8 CVSS | 5.5 AI score | 0.00616 EPSS
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2026/02/04 5:34 p.m. | 4 views

CVE-2025-64712 Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write

The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partition_msg function allows an attacker to write or overwrite arbitra...

9.8 CVSS | 5.5 AI score | 0.00616 EPSS
Exploits 0 | References 2
Cvelist
added 2026/02/04 5:34 p.m. | 32 views

CVE-2025-64712 Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write

The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partition_msg function allows an attacker to write or overwrite arbitra...

9.8 CVSS | 0.00616 EPSS
Exploits 0 | References 2
OSV
added 2026/02/04 5:34 p.m. | 6 views

CVE-2025-64712 Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write

The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partition_msg function allows an attacker to write or overwrite arbitra...

9.8 CVSS | 5.5 AI score | 0.00616 EPSS
Exploits 0 | References 4
NVD
added 2026/02/04 5:16 p.m. | 7 views

CVE-2026-25056

n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remo...

9.4 CVSS | 0.00664 EPSS
Exploits 0 | References 1
CVE
added 2026/02/04 4:47 p.m. | 14 views

CVE-2026-25056

n8n is affected by CVE-2026-25056 in the Merge node’s SQL Query mode. Prior to versions 1.118.0 and 2.4.0, authenticated users with permission to create or modify workflows could write arbitrary files to the n8n server filesystem, potentially enabling remote code execution. The vulnerability has ...

9.4 CVSS | 6.2 AI score | 0.00664 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2026/02/04 4:47 p.m. | 6 views

CVE-2026-25056 n8n Arbitrary File Write leading to RCE in n8n Merge Node

n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remo...

9.4 CVSS | 6.2 AI score | 0.00664 EPSS
Exploits 0 | References 1
Cvelist
added 2026/02/04 4:47 p.m. | 32 views

CVE-2026-25056 n8n Arbitrary File Write leading to RCE in n8n Merge Node

n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remo...

9.4 CVSS | 0.00664 EPSS
Exploits 0 | References 1
OSV
added 2026/02/04 4:47 p.m. | 5 views

CVE-2026-25056 n8n Arbitrary File Write leading to RCE in n8n Merge Node

n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remo...

9.4 CVSS | 6.2 AI score | 0.00664 EPSS
Exploits 0 | References 3
Cvelist
added 2026/02/04 4:47 p.m. | 25 views

CVE-2026-25055 n8n Arbitrary File Write on Remote Systems via SSH Node

n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those...

7.1 CVSS | 0.01713 EPSS
Exploits 0 | References 1
CVE
added 2026/02/04 4:47 p.m. | 16 views

CVE-2026-25055

CVE-2026-25055 affects the open source workflow platform n8n. The issue occurs when workflows process uploaded files and transfer them to remote servers via the SSH node without validating metadata, which can cause files to be written to unintended locations on the remote system and potentially e...

8.1 CVSS | 6.4 AI score | 0.01713 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2026/02/04 4:47 p.m. | 2 views

CVE-2026-25055 n8n Arbitrary File Write on Remote Systems via SSH Node

n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those...

7.1 CVSS | 6.4 AI score | 0.01713 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/02/04 1:20 p.m. | 16 views

CVE-2026-24936

When a specific function is enabled while joining an AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allows an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can...

9.8 CVSS | 5.8 AI score | 0.00779 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/02/04 3:15 a.m. | 5 views

CVE-2025-66480

Wildfire IM is an instant messaging and real-time audio/video solution. Prior to 1.4.3, a critical vulnerability exists in the im-server component related to the file upload functionality found in com.xiaoleilu.loServer.action.UploadFileAction. The application exposes an endpoint /fs that handles...

9.8 CVSS | 5.7 AI score | 0.01395 EPSS
Exploits 0 | References 1
Snyk
added 2026/02/04 12:9 a.m. | 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the LicensingInfos function, which reads license files specified in the copyright.license-path field without validating that paths remain within the workspace directory. An attacker can access and exfiltrate...

8.7 CVSS | 6.5 AI score | 0.00168 EPSS
Exploits 0 | References 2
OpenVAS
added 2026/02/04 12:0 a.m. | 3 views

Ubuntu: Security Advisory (USN-7989-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.4 CVSS | 5.4 AI score | 0.01414 EPSS
Exploits 0 | References 2