RuoYi-Vue-Plus 安全漏洞

RuoYi-Vue-Plus is a development framework from the Chinese organization dromara. A security vulnerability exists in RuoYi-Vue-Plus 5.5.1 and earlier versions, which stems from unfiltered user input and could lead to arbitrary file reading and writing...

CVE-2025-66916

The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing...

Veeam Backup & Replication 安全漏洞

Veeam Backup & Replication is a backup and replication software from Veeam USA. A security vulnerability exists in Veeam Backup & Replication that stems from improper backup or tape operator privileges that could lead to a file write attack...

N8n < 1.121.3 Arbitrary File Write

According to its banner, the version of n8n running on the remote host is after 0.123.0 and before 1.121.3. It is, therefore, affected by an authenticated arbitrary file write. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...

RHEL 10 : git-lfs (RHSA-2026:0224)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0224 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing t...

RHEL 9 : git-lfs (RHSA-2026:0204)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0204 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...

RHEL 9 : git-lfs (RHSA-2026:0203)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0203 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

CVE-2019-16896

In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll aka the backup module improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality...

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

git-lfs: Git LFS may write to arbitrary files via crafted symlinks

A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

GHSA-V364-RW7M-3263 n8n Vulnerable to RCE via Arbitrary File Write

Impact n8n is affected by an authenticated Remote Code Execution RCE vulnerability. Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n service. This could result in full compromise of the affected instance. Both self-hosted and n8n Cloud...

n8n Vulnerable to RCE via Arbitrary File Write

Impact n8n is affected by an authenticated Remote Code Execution RCE vulnerability. Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n service. This could result in full compromise of the affected instance. Both self-hosted and n8n Cloud...

Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers

Users of the "@adonisjs/bodyparser" npm package are being advised to update to the latest version following the disclosure of a critical security vulnerability that, if successfully exploited, could allow a remote attacker to write arbitrary files on the server. Tracked as CVE-2026-21440 CVSS...

SUSE CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

Exploit for CVE-2026-21440

CVE-2026-21440 Advanced detection-only PoC for CVE-2026-21440...

EUVD-2025-26614

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to a lack of proper authenticatio...

CVE-2026-21440

AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease...