7267 matches found
CVE-2025-55824
ModStartCMS v9.5.0 has an arbitrary file write vulnerability, which allows attackers to write malicious files and execute malicious commands to obtain sensitive data on the server...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the podman kube play command. An attacker can cause sensitive data corruption and system crashes by supplying a malicious Kubernetes YAML file that results in overwriting critical host files. The attacker only...
Soft Serve Path Traversal Vulnerability
Soft Serve is a self-hostable command-line Git server from Charm Open Source. A path traversal vulnerability exists in Soft Serve 0.9.1 and earlier versions, which stems from an SSH API that allows an attacker to create or overwrite arbitrary files...
CVE-2025-58355
CVE-2025-58355 affects Soft Serve (self-hosted Git server). In versions ≤0.9.1, an attacker can create or override arbitrary files with uncontrolled data via the SSH API. The issue is resolved in version 0.10.0. Evidence in the initial document notes vulnerable versions and the fixed release; no ...
CVE-2025-58355 Soft Serve is vulnerable to arbitrary file writing through its SSH API
Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0...
ceph: fix possible deadlock when holding Fwb to get inline_data
...
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.
...
CVE-2025-20335
A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to a lack of proper authenticatio...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the filepathTemplate parameter in the CreateResource endpoint, when objects are stored locally. An authenticated attacker can write arbitrary files to the server filesystem by submitting a crafted filename...
CVE-2025-20335 Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Arbitrary File Write Vulnerability
A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to a lack of proper authenticatio...
CVE-2025-20335
Cisco fixed a directory-permissions vulnerability affecting Desk Phone 9800 Series, IP Phone 7800/8800 Series, and Video Phone 8875 with SIP firmware. An unauthenticated, remote attacker could write arbitrary files to specific OS directories by sending crafted requests, exploiting weak directory ...
CVE-2025-56760
When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server...
CVE-2025-56760
CVE-2025-56760 affects Memos 0.22 when configured to store objects locally. The vulnerability arises from a path traversal sequence in the CreateResource endpoint name, enabling arbitrary file writes on the server. CVSSv3.1 metrics indicate Network access, Low attack complexity, and Low privilege...
GHSA-33PR-M977-5W97 Soft Serve vulnerable to arbitrary file writing through SSH API
Attackers can create/override arbitrary files with uncontrolled data. For a PoC, spin up an instance of soft-serve as explained in the README, and execute the following command: ssh -p23231 localhost repo commit icecream -- --output=/tmp/pwned It should have created a file in /tmp/pwned...