CVE-2025-57644

Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write a...

CVE-2025-10057

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.28. This is due to the writetocustomfile function writing unfiltered PHP code to a file. This makes it possible for authenticated attackers,...

CVE-2025-57644

CVE-2025-57644 affects Accela Automation Platform 22.2.3.0.230103 (Test Script feature). An authenticated administrative user can execute arbitrary Java code on the server, enabling remote code execution. Additional flaws include improper input validation that allows arbitrary file write and serv...

CVE-2025-57644

Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write a...

CVE-2025-57644

Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write a...

PT-2025-38543

Name of the Vulnerable Software and Affected Versions Accela Automation Platform version 22.2.3.0.230103 Description Accela Automation Platform contains multiple issues within the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, potentially...

Vasion Print Virtual Appliance Host和Vasion Print Application 安全漏洞

Vasion Print Virtual Appliance Host and Vasion Print Application are both products of Vasion Corporation of the U.S.A. Vasion Print Virtual Appliance Host is a print management software.Vasion Print Application is a printer management application. A security vulnerability exists in Vasion Print...

DragonFly vulnerable to arbitrary file read and write on a peer machine

Impact A peer exposes the gRPC API and HTTP API for consumption by other peers. These APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal other peers’ secret data and to gain...

GHSA-79HX-3FP8-HJ66 DragonFly vulnerable to arbitrary file read and write on a peer machine

Impact A peer exposes the gRPC API and HTTP API for consumption by other peers. These APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal other peers’ secret data and to gain...

CVE-2025-59352 Dragonfly allows arbitrary file read and write on a peer machine

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the gRPC API and HTTP APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal...

CVE-2025-59352 Dragonfly allows arbitrary file read and write on a peer machine

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the gRPC API and HTTP APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to improper validation of the X-Zone-Id header. An attacker can cause arbitrary files to be written outside the intended storage directory by supplying specially crafted path traversal sequences in the header...

GHSA-G2H5-CVVR-7GMW esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header

Summary A path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a filesystem path but is not properly canonicalized or restricted to the application’s...

esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header

Summary A path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a filesystem path but is not properly canonicalized or restricted to the application’s...

CVE-2025-59342

esm.sh is a nobuild content delivery networkCDN for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a...

CVE-2025-59342 esm.sh writes arbitrary files via path traversal in `X-Zone-Id` header

esm.sh is a nobuild content delivery networkCDN for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a...

CVE-2025-59342 esm.sh writes arbitrary files via path traversal in `X-Zone-Id` header

esm.sh is a nobuild content delivery networkCDN for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a...

GO-2025-3926 Harness Allows Arbitrary File Write in Gitness LFS server in github.com/harness/gitness

Harness Allows Arbitrary File Write in Gitness LFS server in github.com/harness/gitness...

DragonFly vulnerable to arbitrary file read and write on a peer machine

A peer exposes the gRPC API and HTTP API for consumption by other peers. These APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal other peers’ secret data and to gain remote co...

Samsung MagicINFO Server < 21.1052.0 Path Traversal

The version of Samsung MagicINFO Server installed on the remote Windows host is affected by a vulnerability. Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority...