Lucene search
+L

1489 matches found

nvd
nvd
added 2026/02/04 10:16 p.m.11 views

CVE-2026-25575

NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the proposeedits endpoint allows unauthenticated users to overwrite files in directories writable by the application user e.g., /cdn. By supplying...

8.8CVSS0.00444EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/02/04 9:54 p.m.4 views

CVE-2026-25575

NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the proposeedits endpoint allows unauthenticated users to overwrite files in directories writable by the application user e.g., /cdn. By supplying...

8.8CVSS5.4AI score0.00444EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/02/04 12:0 a.m.5 views

PT-2026-5973

Name of the Vulnerable Software and Affected Versions Tarot, Astro & Healing version 11.4.0 Description A flaw exists in the file import process that allows overwriting of critical internal files. Successful exploitation could lead to arbitrary code execution or disclosure of sensitive informatio...

6.2AI score0.00329EPSS
Exploits1References6
osv
osv
added 2026/02/03 4:19 p.m.10 views

BIT-PYTHON-MIN-2007-4559

Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...

9.8CVSS5.6AI score0.27095EPSS
Exploits3References14
euvd
euvd
added 2026/02/03 3:50 a.m.8 views

EUVD-2026-5316

When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allowing an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can...

9.5CVSS5.8AI score0.00779EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/02/03 3:50 a.m.6 views

CVE-2026-24936

When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allowing an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can...

9.5CVSS5.8AI score0.00779EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/02/03 12:0 a.m.13 views

PT-2026-5980

Name of the Vulnerable Software and Affected Versions FUXA version 1.2.7 Description FUXA version 1.2.7 has an Unrestricted File Upload issue in the /api/upload API endpoint. The endpoint does not require authentication, which allows unauthenticated remote attackers to upload arbitrary files...

9.8CVSS6AI score0.00726EPSS
Exploits0References8
osv
osv
added 2026/02/02 4:16 p.m.4 views

CVE-2025-14914

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution...

7.6CVSS6AI score0.0039EPSS
Exploits0References1
cve
cve
added 2026/02/02 3:17 p.m.25 views

CVE-2025-14914

CVE-2025-14914 affects IBM WebSphere Application Server Liberty, specifically versions 17.0.0.3 through 26.0.0.1. The issue allows a privileged user to upload a zip archive containing path traversal sequences that can overwrite files and lead to arbitrary code execution. The formal vulnerability ...

7.6CVSS5.8AI score0.0039EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added 2026/02/02 3:17 p.m.7 views

CVE-2025-14914

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution...

7.6CVSS5.8AI score0.0039EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/02/02 3:17 p.m.30 views

CVE-2025-14914 IBM WebSphere Application Server Liberty Path Traversal

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution...

7.6CVSS0.0039EPSS
Exploits0References1
cvelist
cvelist
added 2026/02/02 10:36 a.m.34 views

CVE-2025-10279 Privilege Escalation in mlflow/mlflow

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

7CVSS0.00215EPSS
Exploits1References2
broadcom
broadcom
added 2026/01/27 12:0 a.m.19 views

A malicious rsh server can overwrite arbitrary files in a directory on the rcp client machine

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server or Man-in-The-Middle attacker can overwrite...

7.4CVSS7.4AI score0.58204EPSS
Exploits9
nvd
nvd
added 2026/01/26 10:15 p.m.6 views

CVE-2026-23890

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of nodemodules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal...

6.5CVSS0.00438EPSS
Exploits1References3
euvd
euvd
added 2026/01/26 9:50 p.m.5 views

EUVD-2026-4657

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's tarball extraction allows malicious packages to write files outside the package directory on Windows. The path normalization only checks for ./ but not .. On Windows, backslashes are directory separators...

6.5CVSS5.9AI score0.00433EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2026/01/26 12:0 a.m.4 views

PT-2026-4825

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.28.1 Description pnpm is susceptible to a path traversal issue in its bin linking mechanism. Malicious npm packages can exploit this to create executable shims or symlinks outside of the node modules/.bin directory. T...

6.5CVSS5.9AI score0.00438EPSS
Exploits1References10
ptsecurity
ptsecurity
added 2026/01/26 12:0 a.m.10 views

PT-2026-4824

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.28.1 Description A path traversal flaw exists in pnpm's tarball extraction process on Windows systems. The vulnerability stems from incomplete path normalization, specifically failing to account for . in addition to ....

6.5CVSS5.9AI score0.00433EPSS
Exploits1References11
snyk
snyk
added 2026/01/20 1:45 a.m.8 views

Improper Handling of Unicode Encoding

Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in Path Reservations via Unicode Sharp-S ß Collisions on macOS APFS. An attacker can overwrite arbitrary files by exploiting Unicode normalization collisions ...

8.8CVSS5.8AI score0.00233EPSS
Exploits1References3
snyk
snyk
added 2026/01/16 9:16 p.m.2 views

Directory Traversal

Overview org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of the linkpath parameter during archive extraction. An attacker can overwrite arbitrary files or create malicious symbolic links ...

8.2CVSS6.3AI score0.00334EPSS
Exploits2References2
osv
osv
added 2026/01/13 11:15 p.m.5 views

CVE-2022-50939

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality image.php where the uploadcaption parameter is n...

8.6CVSS5.9AI score0.01087EPSS
Exploits1References4
Rows per page
Query Builder