
7263 matches found

Snyk
added 2025/12/26 12:12 a.m. | 4 views

UNIX Symbolic Link (Symlink) Following

Overview: Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following via the mishandling of symlink destinations while evaluating template repos. An attacker can write to unintended files and potentially gain shell access on the server by creating out-of-repository...

CVSS 9.5 | AI score 6.8 | EPSS 0.00489
Exploits 0 | References 2
GithubExploit
added 2025/12/25 8:21 a.m. | 218 views

Exploit for CVE-2025-59532

CVE-2025-59532 Docker Environment A Docker-based research env...

CVSS 8.6 | AI score 7 | EPSS 0.00815
Exploits 1
Packet Storm
added 2025/12/24 12:0 a.m. | 350 views

📄 Adobe Commerce Insecure Deserialization

This flaw in Magento 2 / Adobe Commerce 2.4.x enables remote attackers to manipulate internal session handling paths and abuse PHP object chains Guzzle FileCookieJar gadget to achieve arbitrary file write, leading to remote code execution...

CVSS 9.1 | AI score 9.9 | EPSS 0.96742
Exploits 9
OSV
added 2025/12/23 9:9 a.m. | 8 views

RLSA-2025:23744 Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS may write to arbitrary files via crafted symlinks (CVE-2025-26625). For more detai...

CVSS 8.1 | AI score 7 | EPSS 0.00707
Exploits 0 | References 2
Rockylinux
added 2025/12/23 9:9 a.m. | 6 views

git-lfs security update

An update is available for git-lfs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Git Large File Storage (LFS) replaces large files such as audio samples, videos...

CVSS 8.6 | AI score 7.1 | EPSS 0.00707
Exploits 0
Rockylinux
added 2025/12/23 9:2 a.m. | 7 views

git-lfs security update

An update is available for git-lfs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Git Large File Storage (LFS) replaces large files such as audio samples, videos...

CVSS 8.6 | AI score 7.1 | EPSS 0.00707
Exploits 0
OSV
added 2025/12/23 9:2 a.m. | 7 views

RLSA-2025:23745 Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS may write to arbitrary files via crafted symlinks (CVE-2025-26625). For more detai...

CVSS 8.1 | AI score 7 | EPSS 0.00707
Exploits 0 | References 2
EUVD
added 2025/12/23 12:30 a.m. | 6 views

EUVD-2023-60247

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sending crafted multipart form-data POST requests with...

CVSS 8.8 | AI score 6.8 | EPSS 0.01042
Exploits 2 | References 5
Tenable Nessus
added 2025/12/23 12:0 a.m. | 6 views

RockyLinux 8 : git-lfs (RLSA-2025:23745)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:23745 advisory. git-lfs: Git LFS may write to arbitrary files via crafted symlinks (CVE-2025-26625). Tenable has extracted the preceding description block directly from the...

CVSS 8.6 | AI score 5.2 | EPSS 0.00707
Exploits 0 | References 3
Tenable Nessus
added 2025/12/23 12:0 a.m. | 7 views

RockyLinux 9 : git-lfs (RLSA-2025:23744)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:23744 advisory. git-lfs: Git LFS may write to arbitrary files via crafted symlinks (CVE-2025-26625). Tenable has extracted the preceding description block directly from the...

CVSS 8.6 | AI score 5.2 | EPSS 0.00707
Exploits 0 | References 3
Tenable Nessus
added 2025/12/23 12:0 a.m. | 5 views

AlmaLinux 10 : git-lfs (ALSA-2025:23667)

The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:23667 advisory. git-lfs: Git LFS may write to arbitrary files via crafted symlinks (CVE-2025-26625). Tenable has extracted the preceding description block directly from the AlmaLin...

CVSS 8.6 | AI score 5.2 | EPSS 0.00707
Exploits 0 | References 3
OSV
added 2025/12/22 10:16 p.m. | 5 views

CVE-2023-53962

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sending crafted multipart form-data POST requests with...

CVSS 7.5 | AI score 6 | EPSS 0.01042
Exploits 2 | References 4
Cvelist
added 2025/12/22 9:37 p.m. | 24 views

CVE-2023-53962 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Unauthenticated Directory Traversal File Write

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sending crafted multipart form-data POST requests with...

CVSS 8.8 | EPSS 0.01042
Exploits 2 | References 4
CVE
added 2025/12/22 9:37 p.m. | 12 views

CVE-2023-53962

The CVE-2023-53962 entry concerns SOUND4 IMPACT/FIRST/PULSE/Eco v2.x with an unauthenticated directory traversal in upload.cgi through the upgfile parameter, enabling remote attackers to write arbitrary files. Exploitation involves crafting multipart form-data POST requests that include directory...

CVSS 8.8 | AI score 6.9 | EPSS 0.01042
Exploits 2 | References 4 | Affected Software 1
RedHat Linux
added 2025/12/22 9:46 a.m. | 4 views

rsync: Path traversal vulnerability in rsync

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

CVSS 7.5 | AI score 5.9 | EPSS 0.02224
Exploits 1 | References 5
RedHat Linux
added 2025/12/22 2:12 a.m. | 7 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 8.6 | AI score 6.4 | EPSS 0.00707
Exploits 0 | References 2
Tenable Nessus
added 2025/12/22 12:0 a.m. | 4 views

RHEL 8 : git-lfs (RHSA-2025:23745)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:23745 advisory. Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing t...

CVSS 8.6 | AI score 5.3 | EPSS 0.00707
Exploits 0 | References 4
AlmaLinux
added 2025/12/22 12:0 a.m. | 5 views

Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS may write to arbitrary files via crafted symlinks (CVE-2025-26625). For more detai...

CVSS 8.6 | AI score 7.1 | EPSS 0.00707
Exploits 0 | References 4
AlmaLinux
added 2025/12/22 12:0 a.m. | 7 views

Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS may write to arbitrary files via crafted symlinks (CVE-2025-26625). For more detai...

CVSS 8.6 | AI score 4.8 | EPSS 0.00707
Exploits 0 | References 4
RedhatCVE
added 2025/12/20 5:12 p.m. | 5 views

CVE-2025-68478

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's fspath, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction,...

CVSS 7.1 | AI score 7 | EPSS 0.03255
Exploits 1 | References 1