7267 matches found
GO-2025-3767 OSV-SCALIBR's Container Image Unpacking Vulnerable to Arbitrary File Write via Path Traversal in github.com/google/osv-scalibr
GO-2025-3769 Mattermost allows authenticated users to write files to arbitrary locations in github.com/mattermost/mattermost-server
RHEL 8 : git (RHSA-2025:11794)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:11794 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: dbgate-api allows running DbGate data-manipulation scripts. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via insufficient validation of file paths and types in the reader function. An attacker can access arbitrary files on the...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: dbgate-api allows running DbGate data-manipulation scripts. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the file parameter in the /uploads/get endpoint. An attacker can access arbitrary files on the system by supplying a...
GHSA-75JV-VFXF-3865 Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code
Path-Traversal - Arbitrary File Write in Assemblyline Service Client IMPORTANT: This vulnerability is valid if you decide to use the assemblyline-service-client outside of the normal practice of using Assemblyline in a production environment. In practice, this code should always be executed withi...
PT-2025-31837 · Pypi · Assemblyline-Service-Client
Path-Traversal - Arbitrary File Write in Assemblyline Service Client IMPORTANT: This vulnerability is valid if you decide to use the assemblyline-service-client outside of the normal practice of using Assemblyline in a production environment. In practice, this code should always be executed withi...
NewStart CGSL MAIN 7.02 : cpio Vulnerability (NS-SA-2025-0164)
The remote NewStart CGSL host, running version MAIN 7.02, has cpio packages installed that are affected by a vulnerability: - cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVE-2015-1197 Note...
CVE-2025-54140
pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload...
The vulnerability of the uploadFWBinary method in the network management system for monitoring industrial networks of Siemens SINEC NMS allows an intruder to gain unauthorized access to file writing and execute arbitrary code.
The vulnerability of the uploadFWBinary method in the network management system for monitoring industrial networks of Siemens SINEC NMS is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating...
CVE-2025-54071
RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below, an authenticated arbitrary file write vulnerability exists in the /api/saves endpoint. This can lead to Remote Code Execution on the...
Remote Code Execution (RCE)
pyloadng is vulnerable to Path Traversal. The vulnerability is due to improper validation of uploaded filenames in the /json/upload endpoint, which allows an attacker to traverse directories and write arbitrary files to any location accessible to the pyLoad process...
AlmaLinux 8 : git (ALSA-2025:11534)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:11534 advisory. git: Git does not sanitize URLs when asking for credentials interactively CVE-2024-50349 git: Newline confusion in credential helpers can lead to...
Directory Traversal
Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Directory Traversal via the json/upload endpoint when the filename parameter is manipulated. An attacker can write arbitrary files to any location accessibl...
CVE-2025-54140 pyLoad has Path Traversal Vulnerability in json/upload Endpoint that allows Arbitrary File Write
pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload...
CVE-2025-54140
Summary: pyLoad (v0.5.0b3.dev89 affected) exposes an authenticated path traversal via the /json/upload endpoint where the uploaded file’s name is not sanitized, enabling arbitrary file writes outside the intended directory. This can lead to Remote Code Execution, local privilege escalation, and s...
CVE-2025-51463
Path Traversal in restorerunbackup in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the runinstruction API, which is extracted without path validation during restoration...