Directory Traversal

Overview lilya is a Yet another ASGI toolkit that delivers Affected versions of this package are vulnerable to Directory Traversal in getpath function in staticfiles.py. Details A Directory Traversal attack also known as path traversal aims to access files and directories that are stored outside...

CVE-2025-25761

HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php...

CVE-2025-27413 PwnDoc Arbitrary File Write to RCE using Path Traversal in template update from backup templates.json

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template update functionality as it uses the path from the...

CVE-2025-27413 PwnDoc Arbitrary File Write to RCE using Path Traversal in template update from backup templates.json

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template update functionality as it uses the path from the...

CVE-2025-27410 PwnDoc Arbitrary File Write to RCE using Path Traversal in backup restore as admin

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path traversal in the TAR entry's name, allowing an attacker to overwrite any file on the system with their content. By overwriting an included .js file and restarting the...

CVE-2025-27142

LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Prior to version 1.17.0, due to the missing sanitization of the path in the POST /api/localsend/v2/prepare-upload and th...

CVE-2025-25761

HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php...

CVE-2025-25761

HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php...

CVE-2025-25761

HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php...

CVE-2025-25761

CVE-2025-25761 affects HkCms v2.3.2.240702 with an arbitrary file write vulnerability in Appcenter.php. Public sources (NVD/Red Hat, CNNVD, PT-Security, CVE listing) confirm impact as high (C:H, I:H, A:H) with network exposure; exploit details are not provided in the documents. A remediation ment...

HkCms 安全漏洞

HkCms is a free and open source content management system from HkCms Open Source. A security vulnerability exists in HkCms version v2.3.2.240702, which originates from an arbitrary file write in the Appcenter.php component...

CVE-2025-25761

HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php...

PT-2025-8946 · Hkcms · Hkcms

Name of the Vulnerable Software and Affected Versions: HkCms version 2.3.2.240702 Description: The issue is related to an arbitrary file write vulnerability in the Appcenter.php component. This vulnerability allows for the writing of files to arbitrary locations, potentially leading to security...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to improper limitation of a pathname to a restricted directory in the asset upload functionality. An attacker can upload files to directories outside of the intended temporary directory by manipulating file paths...

AZL-60327 CVE-2022-49296 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: ceph: fix possible deadlock when holding Fwb to get inlinedata 1, mount with wsync. 2, create a file with ORDWR, and the request was sent to mds.0: cephatomicopen-- cephmdscdorequestopenc finishopenfile, dentry, cephopen--...

CVE-2022-49352 ext4: fix warning in ext4_handle_inode_extension

In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in ext4handleinodeextension We got issue as follows: EXT4-fs error device loop0 in ext4reserveinodewrite:5741: Out of memory EXT4-fs error device loop0: ext4setattr:5462: inode 13: comm syz-executor.0:...

CVE-2025-27142

LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Prior to version 1.17.0, due to the missing sanitization of the path in the POST /api/localsend/v2/prepare-upload and th...

ClickHouse < 19.14.3

The version of ClickHouse installed on the remote host is prior to 19.14.3. It is, therefore, affected by a arbitrary file write vulnerability. In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the...

CVE-2024-38657

External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files...

CVE-2025-25765

MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do...