
7263 matches found

RedhatCVE
added 2026/01/15 3:15 p.m., 6 views

CVE-2025-9142

A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory...

7.5 CVSS, 6.7 AI score, 0.00072 EPSS
Exploits 0, References 1

Positive Technologies
added 2026/01/15 12:0 a.m., 5 views

PT-2026-3091

Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via the Zip Import feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there is no validation on filename. This vulnerability ...

7.1 CVSS, 6.9 AI score, 0.00502 EPSS
Exploits 1, References 5

Tenable Nessus
added 2026/01/15 12:0 a.m., 1 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002525)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002525 advisory. Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service file unavailabili...

4.7 CVSS, 6.2 AI score, 0.00374 EPSS
Exploits 1, References 14

Tenable Nessus
added 2026/01/15 12:0 a.m., 1 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002374)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002374 advisory. Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service file unavailabili...

4.7 CVSS, 6.2 AI score, 0.00374 EPSS
Exploits 1, References 14

RedhatCVE
added 2026/01/14 8:22 p.m., 6 views

CVE-2025-37174

Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary...

7.2 CVSS, 7.3 AI score, 0.00476 EPSS
Exploits 0, References 1

ATTACKERKB
added 2026/01/14 2:30 p.m., 3 views

CVE-2025-9142

A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory...

7.5 CVSS, 5.5 AI score, 0.00072 EPSS
Exploits 0, References 2, Affected Software 1

CNNVD
added 2026/01/14 12:0 a.m., 5 views

Check Point Harmony SASE Security Vulnerability

Check Point Harmony SASE is a Secure Access Service Edge application from Check Point Israel. A security vulnerability exists in Check Point Harmony SASE: a local user can trigger the client to write or delete files outside of the expected certificate working directory...

7.5 CVSS, 6.5 AI score, 0.00072 EPSS
Exploits 0, References 2

Tenable Nessus
added 2026/01/14 12:0 a.m., 5 views

Adobe Dreamweaver 21.0 < 21.7 Multiple Vulnerabilities (APSB26-01)

The version of Adobe Dreamweaver installed on the remote Windows host is prior to 21.7. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-01 advisory. - Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that...

8.6 CVSS, 6.7 AI score, 0.00716 EPSS
Exploits 0, References 6

Tenable Nessus
added 2026/01/14 12:0 a.m., 7 views

Adobe Dreamweaver 21.0 < 21.7 Multiple Vulnerabilities (APSB26-01) (macOS)

The version of Adobe Dreamweaver installed on the remote macOS host is prior to 21.7. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-01 advisory. - Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that cou...

8.6 CVSS, 6.7 AI score, 0.00716 EPSS
Exploits 0, References 6

RedhatCVE
added 2026/01/13 10:52 p.m., 5 views

CVE-2026-0831

The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the savetemplatetofile function where user-controlled parameters like sessionid, contentid, and aipageids are used to construct file...

5.3 CVSS, 6.3 AI score, 0.00233 EPSS
Exploits 0, References 1

NVD
added 2026/01/13 9:15 p.m., 6 views

CVE-2026-22871

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, a path traversal vulnerability exists in GuardDog's safeextract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite...

9.8 CVSS, 0.00946 EPSS
Exploits 0, References 2

OSV
added 2026/01/13 8:16 p.m., 6 views

CVE-2025-37174

Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary...

7.2 CVSS, 6 AI score, 0.00476 EPSS
Exploits 0, References 1

NVD
added 2026/01/13 8:16 p.m., 4 views

CVE-2025-37174

Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary...

7.2 CVSS, 0.00476 EPSS
Exploits 0, References 1

Vulnrichment
added 2026/01/13 8:5 p.m., 7 views

CVE-2025-37174 Authenticated Arbitrary File Write Vulnerability in AOS 10 and AOS-8 Web-Based Management Interface

Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary...

7.2 CVSS, 6.9 AI score, 0.00476 EPSS
Exploits 0, References 1

Cvelist
added 2026/01/13 8:5 p.m., 24 views

CVE-2025-37174 Authenticated Arbitrary File Write Vulnerability in AOS 10 and AOS-8 Web-Based Management Interface

Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary...

7.2 CVSS, 0.00476 EPSS
Exploits 0, References 1

CVE
added 2026/01/13 8:5 p.m., 13 views

CVE-2025-37174

ArubaOS AOS-8 and AOS-10 web management interfaces are affected by vulnerabilities fixed by Aruba Networks. The NCSC advisory notes issues including arbitrary file deletion, stack overflow, command injection, and improper input handling that could allow unauthorized access, file manipulation, or ...

7.2 CVSS, 6.9 AI score, 0.00476 EPSS
Exploits 0, References 1, Affected Software 1

NVD
added 2026/01/13 7:16 p.m., 7 views

CVE-2026-21272

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requir...

8.6 CVSS, 0.00195 EPSS
Exploits 0, References 1

EUVD
added 2026/01/13 7:15 p.m., 5 views

EUVD-2026-2000

Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal...

8.6 CVSS, 6.7 AI score, 0.00938 EPSS
Exploits 1, References 3

Github Security Blog
added 2026/01/13 7:15 p.m., 14 views

Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal

Impact Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. Path traversal vulnerabilities occur when a web application accepts user-supplied file paths without proper validation, allowing attacker...

8.6 CVSS, 7.6 AI score, 0.00938 EPSS
Exploits 1, References 4, Affected Software 1

Vulnrichment
added 2026/01/13 6:25 p.m., 5 views

CVE-2026-21272 Dreamweaver Desktop | Improper Input Validation (CWE-20)

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requir...

8.6 CVSS, 6.3 AI score, 0.00195 EPSS
Exploits 0, References 1