107 matches found
libssh: Improper sanitation of paths received from SCP servers
A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...
MAL-2026-2624 Malicious code in asciitoart (PyPI)
Source: kam193 d91767b12efcd1ad71b86b8d6770f33ddd3f1bfdec795dc04fd1d743a63a4591 Through an obscure way, one of the package files got overwritten by a remote obfuscated code, which appears to be an infostealer. After executing the malicious...
CVE-2026-35177
Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280...
EUVD-2026-19408
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extension settings in "py" format and in the app root directory. This allows overwriting Python files; for instance, the "download-model.py" file could be overwritten. Then, thi...
Docudepot PDF Reader security vulnerability
Docudepot PDF Reader is a reading tool developed by Docudepot that supports the viewing and management of PDF documents. Version 1.0.34 of Docudepot PDF Reader contains a security vulnerability. This vulnerability stems from the possibility of arbitrary file overwriting, which could allow attacke...
Exploit for Path Traversal in Isaacs Tar
🛡️ CVE-2026-31802 - Simple Proof of Concept Viewer !Downloa...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the pkgutil.get_data function. An attacker can access files and directories outside the intended root directory by supplying crafted input to the resource argument. Details: A Directory Traversal attack also known ...
BIT-PYTHON-2007-4559
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the TUF client. An attacker can overwrite arbitrary files on the filesystem by supplying crafted target metadata that causes path traversal outside the intended cache directory. Note: This is only exploitable if...
MiracleLinux 7 : git-1.8.3.1-25.0.6.el7.AXS7 (AXSA:2025-10998:13)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10998:13 advisory. CVE-2025-46835: prevent malicious creating and overwriting of user's files CVEs: CVE-2025-46835 Git GUI allows you to use the Git source control management...
CVE-2023-29186
In SAP NetWeaver BI CONT ADDON - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read but if a remote attacker has sufficient administrative privileges then potentially critical OS files ca...
tar: Tar path traversal
A relative path traversal flaw was found in the GNU tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to...
CVE-2025-66446
MaxKB (enterprise AI assistant) versions 2.3.1 and earlier are affected by improper file permissions that allow overwriting the built-in dynamic linker and other critical files, potentially enabling privilege escalation. The issue is fixed in version 2.4.0. Affected component: file permissions go...
CVE-2025-13597 AI Feeds <= 1.0.11 - Unauthenticated Arbitrary File Upload
The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizadorgit.php' file in all versions up to, and including, 1.0.11. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite...
zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c
It was discovered that zziplib is vulnerable to a directory traversal flaw in most of its unzip binaries, including unzip-mem, unzzipcat-mem, unzzipcat-big, unzzipcat-mix, and unzzipcat-zip. An attacker may use this flaw to write files outside the intended target directory, overwriting existing...
Directory Traversal
Overview: letta is a package for creating LLM agents with long-term memory and custom tools. Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization in the file upload functionality. An attacker can upload and overwrite files outside the intended directory by providi...
[SECURITY] [DSA 6035-1] python-internetarchive security update
Debian Security Advisory DSA-6035-1 https://www.debian.org/security/ Moritz Muehlenhoff, October 23, 2025 https://www.debian.org/security/faq ...
vim: Vim path traversal
A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive...
EUVD-2018-1469
Malware in sbrugna...
EUVD-2008-4091
Malware in sbrugna...