44 matches found
CVE-2026-28269 Kiteworks Core has an OS Command Injection
Kiteworks is a private data network PDN. Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access...
CVE-2026-25701
An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: gain access to possible private information found in /var/lib/pcrlock.d manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the...
CVE-2025-69981
FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...
GHSA-7G56-FWXJ-CM23 FUXA contains an Unrestricted File Upload vulnerability
FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...
FUXA 安全漏洞
FUXA is a web-based process visualization software developed by frangoteam. Version 1.2.7 of FUXA contains a security vulnerability. This vulnerability stems from the lack of an authentication mechanism for the/api/upload API endpoints. This allows unauthorized remote attackers to upload arbitrar...
PT-2026-6387
FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...
CVE-2025-9056
Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...
EUVD-2025-202391
Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...
CVE-2025-9056
Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...
CVE-2025-9056
Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...
CVE-2025-9056
CVE-2025-9056 describes an unprotected service in the AudioLink component that allows a local attacker to overwrite system files via unauthorized service invocation. The issue is documented across multiple feeds (NVD, Red Hat, EUVD, CIRCL, CNNVD, etc.) with consistent description. Affected compon...
CVE-2025-9056
Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...
PT-2025-50303
Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...
Tecno AudioLink 安全漏洞
Tecno AudioLink is an audio linking software in cell phones from the Chinese company Tecno. A security vulnerability exists in Tecno AudioLink, which stems from insufficient protection of the AudioLink component service and could allow a local attacker to overwrite system files...
CVE-2025-42937
SAP Print Service SAPSprint performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality integrity and availability of the application...
EUVD-2018-0945
Malware in sbrugna...
EUVD-2018-0946
Malware in sbrugna...
EUVD-2025-5302
Malicious code in bioql PyPI...
CVE-2025-58755
MONAI Medical Open Network for AI is an AI toolkit for health care imaging. The extractall function zipfile.extractalloutputdir is used directly to process compressed files. It is used in many places in the project. In versions up to and including 1.5.0, when the Zip file containing malicious...
CVE-2025-3771
A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to overwrite system files with SIR backup files, which can potentially cause a system crash. This was achieved by adding a malicious entry to the registry under the...