7276 matches found
Flowise allows arbitrary file write to RCE
Summary: An attacker could write files with arbitrary content to the filesystem via the /api/v1/document-store/loader/process API. An attacker can reach RCE (Remote Code Execution) via file writing. Details: All file writing functions in packages/components/src/storageUtils.ts are vulnerable. -...
GHSA-8VVX-QVQ9-5948 Flowise allows arbitrary file write to RCE
Summary: An attacker could write files with arbitrary content to the filesystem via the /api/v1/document-store/loader/process API. An attacker can reach RCE (Remote Code Execution) via file writing. Details: All file writing functions in packages/components/src/storageUtils.ts are vulnerable. -...
CVE-2024-54449 Remote Code Execution (RCE) via Arbitrary File Write In Document API
The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with controlled contents to an arbitrary location on the underlying file system. This can be used to facilitate RCE. An account with ‘read’ and ‘writ...
CVE-2025-23360
NVIDIA NeMo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering...
rsync: --safe-links option bypass leads to path traversal
A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the...
Fortinet FortiWeb Directory Traversal Arbitrary File Write (FG-IR-24-439)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-439 advisory. - An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through...
CVE-2025-27519 Cognita Arbitrary File Write
Cognita is a RAG (Retrieval Augmented Generation) Framework for building modular, open source applications for production by TrueFoundry. A path traversal issue exists at /v1/internal/upload-to-local-directory which is enabled when the Local env variable is set to true, such as when Cognita is setu...
Linux Distros Unpatched Vulnerability : CVE-2023-35936
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior...
Linux Distros Unpatched Vulnerability : CVE-2021-39134
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - @npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarante...
Linux Distros Unpatched Vulnerability : CVE-2023-38745
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the...
Linux Distros Unpatched Vulnerability : CVE-2015-3202
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to...
Linux Distros Unpatched Vulnerability : CVE-2015-1196
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. (CVE-2015-1196) Note that Nessus relies on the presence ...
Linux Distros Unpatched Vulnerability : CVE-2021-23520
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package juce-framework/juce before 6.1.5 is vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in...
Linux Distros Unpatched Vulnerability : CVE-2015-5701
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this...
Directory Traversal
Overview: mlrun is a Tracking and config of machine learning runs. Affected versions of this package are vulnerable to Directory Traversal in the getlogsizelegacy function in api/crud/logs.py. This allows attackers to access locations on the filesystem outside the project directory. Details: A...