339 matches found
CVE-2025-58755 MONAI has path traversal issue that may lead to arbitrary file writes
MONAI Medical Open Network for AI is an AI toolkit for health care imaging. The extractall function zipfile.extractalloutputdir is used directly to process compressed files. It is used in many places in the project. In versions up to and including 1.5.0, when the Zip file containing malicious...
setuptools: Path Traversal Vulnerability in setuptools PackageIndex
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...
setuptools: Path Traversal Vulnerability in setuptools PackageIndex
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...
setuptools: Path Traversal Vulnerability in setuptools PackageIndex
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...
Malicious code in netmanagement (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9af8bc10bc4f751ad03dbe8257d2d8c49941accbf8b8fe6149d17a457fc56811 The package appears to be a PoC of overwriting "requests" package files. The new "requests/init.py" takes over common requests features and uses the...
MAL-2025-191802 Malicious code in netmanagement (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9af8bc10bc4f751ad03dbe8257d2d8c49941accbf8b8fe6149d17a457fc56811 The package appears to be a PoC of overwriting "requests" package files. The new "requests/init.py" takes over common requests features and uses the...
Linenoise 安全漏洞
Linenoise is an application by the individual developer Salvatore Sanfilippo. A security vulnerability exists in Linenoise that stems from a competing condition on history paths that could lead to arbitrary file overwrites and permission changes...
CVE-2025-54819
Improper limitation of a pathname to a restricted directory 'Path Traversal' issue exists in SS1 Ver.16.0.0.10 and earlier Media version:16.0.0a and earlier. If this vulnerability is exploited, legitimate files may be overwritten by a remote authenticated attacker...
setuptools: Path Traversal Vulnerability in setuptools PackageIndex
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...
PT-2025-34096
Name of the Vulnerable Software and Affected Versions Xion Audio Player versions prior to 1.0.126 Description A Unicode-based stack buffer overflow occurs when opening a specially crafted .m3u playlist file. The file contains an excessively long string that overwrites the Structured Exception...
CVE-2025-55214 Copier safe template has filesystem write access outside destination path
Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...
Linux Distros Unpatched Vulnerability : CVE-2019-10773
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted bin keys...
setuptools: Path Traversal Vulnerability in setuptools PackageIndex
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...
setuptools: Path Traversal Vulnerability in setuptools PackageIndex
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...
setuptools: Path Traversal Vulnerability in setuptools PackageIndex
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...
CLSA-2025-1754941200 openssh: Fix of 3 CVEs
CVE-2018-20685: fix a vulnerability scp client where a malicious server could bypass intended access restrictions and modify target directory permissions via crafted filenames - CVE-2019-6109: fix scp client where a malicious server could manipulate the client's progress display output due to...
CLSA-2025-1754940060 Fix CVE(s): CVE-2025-27613, CVE-2025-27614, CVE-2025-46835
SECURITY UPDATE: multiple vulnerabilities in Gitk and Git GUI - debian/patches/CVE-2025-27614CVE-2025-27613CVE-2025-46835.patch: Prevent script execution via specially crafted filenames in Gitk. Sanitize filename handling to avoid unintended file creation/truncation. Validate directory names in G...
setuptools: Path Traversal Vulnerability in setuptools PackageIndex
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...
CBL Mariner 2.0 Security Update: vim (CVE-2025-53905)
The version of vim installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-53905 advisory. - Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim's...
Traefik 安全漏洞
Traefik is an open source reverse proxy and load balancing tool from Traefik Open Source. A security vulnerability exists in Traefik versions 2.11.27 and earlier, 3.0.0 through 3.4.4, and 3.5.0-rc1, which stems from a path traversal in the WASM plugin installation mechanism that could lead to...