7271 matches found
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) in the Unarchive function. An attacker can overwrite sensitive files and potentially escalate privileges by supplying a malicious archive file containing symlinks, which is unarchived...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: github.com/mholt/archiver is a cross-platform, multi-format archive utility and Go library. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) in the Unarchive function. An attacker can overwrite sensitive files and potentially escala...
Exploit for Out-of-bounds Write in Gibbonedu Gibbon
Gibbon CMS CVE-2023-45878 Exploit This Python script exploi...
EulerOS 2.0 SP11 : rsync (EulerOS-SA-2025-1377)
According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from th...
EulerOS 2.0 SP11 : rsync (EulerOS-SA-2025-1378)
According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from th...
CVE-2025-27082
Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlyin...
CVE-2025-20951
Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store...
CVE-2025-27082
The CVE-2025-27082 entry concerns an Arbitrary File Write vulnerability in the web-based management interfaces of HPE AOS-10 GW and AOS-8 Controller/Mobility Conductor. Affected component: the web UI backend for AOS-10 GW and AOS-8 Controller/Mobility Conductor. Root cause: ability for an authent...
CVE-2025-27082 Authenticated Remote Code Execution Vulnerabilities in AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface via Arbitrary File Write
Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlyin...
CVE-2025-32018 Arbitrary file write from Cursor Agent through a prompt injection from malicious @Docs
Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either directly by the us...
CVE-2025-20951
Summary: CVE-2025-20951 affects Galaxy Store prior to 4.5.90.7 due to improper verification of intent by a broadcast receiver, enabling a local attacker to write arbitrary files with Galaxy Store privileges. Affected software: Galaxy Store (Android) versions before 4.5.90.7. Root cause: insuffici...
PT-2025-15470
Name of the Vulnerable Software and Affected Versions: AOS-10 GW (affected versions not specified); AOS-8 Controller/Mobility Conductor (affected versions not specified). Description: Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8...