7267 matches found

CVE
added 2025/09/16 2:38 p.m., 16 views

CVE-2025-36244

CVE-2025-36244 : IBM AIX/VIOS Kerberos vulnerability allowing a local user to write to arbitrary files with root privileges due to improper initialization of critical variables. Affected: AIX 7.2, 7.3; VIOS 3.1, 4.1; vulnerable fileset: krb5.client.rte (1.16.1.0–1.16.1.7). CVSS base score 7.4 (HI...

CVSS 7.4 | AI score 6.1 | EPSS 0.00113
Exploits: 0 | References: 1 | Affected Software: 2
IBM AIX
added 2025/09/16 8:16 a.m., 7 views

AIX/VIOS is vulnerable to arbitrary file write due to Kerberos (CVE-2025-36244)

IBM SECURITY ADVISORY First Issued: Tue Sep 16 08:16:52 CDT 2025 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/nasadvisory4.asc Security Bulletin: AIX is vulnerable to arbitrary file write due to Kerberos CVE-2025-36244...

CVSS 7.4 | AI score 6.5 | EPSS 0.00113
Exploits: 0
GithubExploit
added 2025/09/14 10:3 p.m., 194 views

wishlist-member-vuln-analysis

📄 Overview This repository contains a detailed analysis of a...

AI score 6.5
Exploits: 0
RedhatCVE
added 2025/09/12 7:11 a.m., 9 views

CVE-2025-41714

The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended storage location. In certain configurations this enables arbitrary file write...

CVSS 8.8 | AI score 7.8 | EPSS 0.00624
Exploits: 0 | References: 1
Tenable Nessus
added 2025/09/12 12:0 a.m., 7 views

Cisco Desk/IP/Video Phone Multiple Vulnerabilities (cisco-sa-phone-write-g3kcC5Df)

According to its self-reported version, the remote Cisco Desk, IP or Video Phone running SIP Software is affected by multiple vulnerabilities that could allow an unauthenticated, remote attacker to conduct arbitrary file write and information disclosure attacks. To exploit these vulnerabilities,...

CVSS 7.5 | AI score 5.6 | EPSS 0.00349
Exploits: 0 | References: 21
SUSE CVE
added 2025/09/11 11:22 p.m., 3 views

SUSE CVE-2025-56760

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server...

CVSS 4.3 | AI score 7.2 | EPSS 0.0032
Exploits: 1 | References: 2
Debian
added 2025/09/10 6:21 p.m., 5 views

[SECURITY] [DSA 5995-1] hsqldb1.8.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5995-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 10, 2025 https://www.debian.org/security/faq -...

CVSS 5.5 | AI score 6.7 | EPSS 0.65692
Exploits: 0
NVD
added 2025/09/10 7:15 a.m., 6 views

CVE-2025-41714

The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended storage location. In certain configurations this enables arbitrary file write...

CVSS 8.8 | EPSS 0.00624
Exploits: 0 | References: 1
Vulnrichment
added 2025/09/10 6:48 a.m., 1 views

CVE-2025-41714 Path Traversal via 'Upload-Key' in SmartEMS Upload Handling

The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended storage location. In certain configurations this enables arbitrary file write...

CVSS 8.8 | AI score 7.7 | EPSS 0.00624
Exploits: 0 | References: 1
CVE
added 2025/09/10 6:48 a.m., 33 views

CVE-2025-41714

CVE-2025-41714 affects the Welotec SmartEMS Web Application (SmartEMS Upload Handling). The issue is in the upload endpoint where the Upload-Key header is not adequately validated, allowing path traversal sequences to cause upload-related artifacts to be created outside the intended storage locat...

CVSS 8.8 | AI score 7.7 | EPSS 0.00624
Exploits: 0 | References: 1
Tenable Nessus
added 2025/09/10 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-23171

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash...

CVSS 5.5 | AI score 6.1 | EPSS 0.00656
Exploits: 1 | References: 2
Redos
added 2025/09/10 12:0 a.m., 2 views

ROS-20250910-01

A vulnerability in the GNU screen terminal multiplexer's logfile_reopen function is related to the execution of an operation before privilege reset. Exploitation of the vulnerability could allow an attacker to write data to an arbitrary file with root privileges...

CVSS 7.8 | AI score 7.4 | EPSS 0.00213
Exploits: 0
Tenable Nessus
added 2025/09/10 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-25299

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload method may enable attackers to write...

CVSS 9.8 | AI score 7.5 | EPSS 0.01411
Exploits: 1 | References: 2
Github Security Blog
added 2025/09/09 9:19 p.m., 10 views

MONAI does not prevent path traversal, potentially leading to arbitrary file writes

Summary The extractall function zipfile.extractall(outputdir) is used directly to process compressed files. It is used in many places in the project. When the Zip file containing malicious content is decompressed, it will overwrite the system files. In addition, the project allows the download of t...

CVSS 8.8 | AI score 6.9 | EPSS 0.00568
Exploits: 1 | References: 6 | Affected Software: 1
Snyk
added 2025/09/09 9:19 p.m., 3 views

Zip Slip

Overview monai is an AI Toolkit for Healthcare Imaging Affected versions of this package are vulnerable to Zip Slip via the use of zipfile.extractall(outputdir). An attacker can overwrite arbitrary files on the system by supplying a crafted zip archive containing files with path traversal sequences...

CVSS 8.8 | AI score 7.4 | EPSS 0.00568
Exploits: 1 | References: 2
Adobe
added 2025/09/09 12:0 a.m., 14 views

APSB25-93 : Security update available for Adobe ColdFusion

Adobe has released security updates for ColdFusion versions 2025, 2023 and 2021. These updates resolve a critical vulnerability that could lead to arbitrary file system write...

CVSS 10 | AI score 7.1 | EPSS 0.19934
Exploits: 0
OSV
added 2025/09/08 2:13 p.m., 30 views

GO-2025-3930 Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve

Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve...

CVSS 7.7 | AI score 6.8 | EPSS 0.00315
Exploits: 0 | References: 2
RedhatCVE
added 2025/09/05 6:18 p.m., 11 views

CVE-2025-20335

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to a lack of proper authenticatio...

CVSS 5.3 | AI score 7.1 | EPSS 0.00332
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/05 12:35 a.m., 13 views

CVE-2025-56760

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server...

CVSS 4.3 | AI score 7.1 | EPSS 0.0032
Exploits: 1 | References: 1
Github Security Blog
added 2025/09/04 3:30 p.m., 8 views

Memos Vulnerable to Path Traversal via the CreateResource Endpoint

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server...

CVSS 4.3 | AI score 7.1 | EPSS 0.0032
Exploits: 1 | References: 4 | Affected Software: 1