7267 matches found

Snyk
•added 2025/10/02 9:15 p.m.•3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in the validLogFileName and validExecOutputFileName functions, which insufficiently validate log file names, allowing traversal sequences after certain prefixes. An attacker can access sensitive files on the host...

CVSS 7.1 | AI score 7.4 | EPSS 0.00537
Exploits: 1 | References: 2

Snyk
•added 2025/10/02 9:15 p.m.•1 view

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in the validLogFileName and validExecOutputFileName functions, which insufficiently validate log file names, allowing traversal sequences after certain prefixes. An attacker can access sensitive files on the host...

CVSS 7.1 | AI score 7.4 | EPSS 0.00537
Exploits: 1 | References: 2

Snyk
•added 2025/10/02 6:45 a.m.•0 views

Directory Traversal

Overview: strands-agents is a model-driven approach to building AI agents in just a few lines of code. Affected versions of this package are vulnerable to Directory Traversal via the FileSessionManager.getsessionpath, FileSessionManager.getagentpath, S3SessionManager.getsessionpath, and...

CVSS 8.6 | AI score 7.8
Exploits: 0 | References: 3

OSV
•added 2025/10/01 7:15 p.m.•4 views

CVE-2025-10578

A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write...

CVSS 7.8 | AI score 5.8 | EPSS 0.00109
Exploits: 0 | References: 1

NVD
•added 2025/10/01 7:15 p.m.•4 views

CVE-2025-10578

A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write...

CVSS 7.8 | EPSS 0.00109
Exploits: 0 | References: 1

CVE
•added 2025/10/01 6:44 p.m.•10 views

CVE-2025-10578

CVE-2025-10578 affects HP Support Assistant, prior to version 9.47.41.0. The documented impact is local privilege escalation via an arbitrary file write. The connected sources consistently identify the affected product and version range, and recommend updating to 9.47.41.0 or later as the remedia...

CVSS 7.8 | AI score 6.6 | EPSS 0.00109
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
•added 2025/10/01 6:44 p.m.•7 views

CVE-2025-10578 HP Support Assistant - Potential Escalation of Privilege

A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write...

CVSS 5.8 | EPSS 0.00109
Exploits: 0 | References: 1

Vulnrichment
•added 2025/10/01 6:44 p.m.•2 views

CVE-2025-10578 HP Support Assistant - Potential Escalation of Privilege

A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write...

CVSS 5.8 | AI score 6.6 | EPSS 0.00109
Exploits: 0 | References: 1

OSV
•added 2025/10/01 9:30 a.m.•3 views

GHSA-25QH-J22F-PWP8 QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing

QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment...

CVSS 5.9 | AI score 7.4 | EPSS 0.00181
Exploits: 0 | References: 7

CNNVD
•added 2025/10/01 12:00 a.m.•4 views

HP Support Assistant Security Vulnerability

HP Support Assistant is a suite of solutions from Hewlett-Packard HP in the United States that provides support and other features for PCs and printers. A security vulnerability exists in HP Support Assistant versions prior to 9.47.41.0, which originates from a local attacker being able to write...

CVSS 5.8 | AI score 6.6 | EPSS 0.00109
Exploits: 0 | References: 1

Positive Technologies
•added 2025/10/01 12:00 a.m.•7 views

PT-2025-40286

Name of the Vulnerable Software and Affected Versions: HP Support Assistant versions prior to 9.47.41.0. Description: A security issue exists in HP Support Assistant that may allow a local attacker to gain higher-level access through arbitrary file writing. Recommendations: Update HP Support Assistan...

CVSS 5.8 | AI score 6.5 | EPSS 0.00109
Exploits: 0 | References: 5

Veracode
•added 2025/09/30 5:39 p.m.•4 views

Arbitrary File Write

mobsf is vulnerable to Arbitrary file write. The vulnerability is due to improper validation of uploaded files, which allows an attacker to write arbitrary files to any directory writable by the MobSF process user...

CVSS 6.5 | AI score 7.2 | EPSS 0.0056
Exploits: 1 | References: 4 | Affected Software: 1

Snyk
•added 2025/09/30 12:30 a.m.•6 views

Directory Traversal

Overview: com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Directory Traversal via the ComboServlet component. An attacker can access arbitrary CSS and JS files and cause repeated loading of these files by manipulating the...

CVSS 8.2 | AI score 7.7 | EPSS 0.00464
Exploits: 0 | References: 2

Hewlett-Packard
•added 2025/09/30 12:00 a.m.•14 views

HP Support Assistant - Potential Escalation of Privilege

A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write. HP has identified affected versions and the minimum version that...

CVSS 7.8 | AI score 5.9 | EPSS 0.00109
Exploits: 0 | Affected Software: 1

OpenVAS
•added 2025/09/30 12:00 a.m.•1 view

Ubuntu: Security Advisory (USN-7782-1)

The remote host is missing an update for the...

CVSS 5.5 | AI score 6.8 | EPSS 0.00388
Exploits: 0 | References: 2

Tenable Nessus
•added 2025/09/29 12:00 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2025-59825

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of...

CVSS 8.6 | AI score 6 | EPSS 0.00202
Exploits: 0 | References: 4

Veracode
•added 2025/09/26 7:22 a.m.•5 views

Arbitrary File Write

github.com/harness/gitness is vulnerable to Arbitrary file write. The vulnerability is due to improper sanitization of the upload path, which allows an attacker to craft a malicious upload request and write arbitrary files to any location on the file system...

CVSS 8.8 | AI score 7.3 | EPSS 0.00459
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
•added 2025/09/26 12:00 a.m.•5 views

PT-2025-43007

Name of the Vulnerable Software and Affected Versions: Atlassian Jira Software Data Center and Server versions 9.12.0 through 11.0.1; Atlassian Jira Software Data Center and Server versions 9.12.0 through 11.0.0. Description: A path traversal flaw exists in Atlassian Jira Software Data Center and...

CVSS 9 | AI score 9.6 | EPSS 0.00428
Exploits: 1 | References: 22

Redos
•added 2025/09/25 12:00 a.m.•9 views

ROS-20250925-04

Vulnerability of TarFile.extractall and TarFile.extract functions of tarfile module of Python programming language interpreter CPython is related to incorrect restriction of path name of the directory with restricted directory. Python programming language interpreter CPython functions...

CVSS 9.4 | AI score 6.5 | EPSS 0.01184
Exploits: 14

Redos
•added 2025/09/25 12:00 a.m.•6 views

ROS-20250925-02

Vulnerability of TarFile.extractall and TarFile.extract functions of tarfile module of Python programming language interpreter CPython is related to incorrect restriction of path name of restricted directory. Python programming language interpreter CPython functions TarFile.extractall and...

CVSS 9.4 | AI score 7 | EPSS 0.01184
Exploits: 14