PT-2025-31696 · Linksys · Linksys Routers

Name of the Vulnerable Software and Affected Versions: Linksys router versions 1.0.00, 1.0.04, and 1.0.05 Description: A directory traversal vulnerability exists in the web interface, specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the next page POST parameter to acce...

CVE-2025-43247

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A malicious app with root privileges may be able to modify the contents of system files...

CVE-2025-43247

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A malicious app with root privileges may be able to modify the contents of system files...

Apple macOS 安全漏洞

Apple macOS is a specialized operating system developed by Apple for Mac computers. Apple macOS has a security vulnerability that can be exploited by attackers to modify the contents of system files...

CVE-2025-43247

CVE-2025-43247 describes a permissions issue in macOS. A malicious app with root privileges could modify system files. Affected: macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. Impact per provided entry: confidentiality = Low, integrity = High, availability = None. Base score 5.5 (...

CVE-2025-43247

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A malicious app with root privileges may be able to modify the contents of system files...

Path Traversal

org.dspace, dspace-api is vulnerable to path traversal. The vulnerability is due to improper validation of file paths in the Simple Archive Format SAF importer, which allows an attacker to craft a malicious SAF package referencing arbitrary system files...

GNU Tar Directory Traversal Vulnerability

GNU Tar is a set of tools for creating tar-formatted files from the American GNU community. GNU Tar suffers from a directory traversal vulnerability that originates in a specially crafted TAR archive, which can be exploited by an attacker to access locations outside of restricted directories and...

Linksys EA6350 安全漏洞

Linksys EA6350 is a wireless router from Linksys, Inc. A security vulnerability exists in the Linksys EA6350 version V2.1.2 that originates from enabling the chrootlocaluser option, which could lead to unauthorized access to system files...

Directory Traversal

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Directory Traversal by failing to sanitize input paths for bulk import processAttachmentPaths. An attacker with admin privileges can access...

Mattermost Path Traversal vulnerability

Mattermost versions 10.8.x = 10.8.1, 10.7.x = 10.7.3, 10.5.x = 10.5.7, 9.11.x = 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin to read arbitrary system files via path traversal...

CVE-2025-53622

CVE-2025-53622 affects DSpace open source repository software. A path traversal weakness exists in the SAF (Simple Archive Format) importer when importing archives, allowing a contents file to reference system files readable by the Tomcat user. This can lead to sensitive content disclosure (arbit...

Unspecified Vulnerability in Tenable Agent

Tenable Agent is a vulnerability scanning program from Tenable USA. Tenable Agent suffers from a security vulnerability that originates from a non-administrative user being able to overwrite arbitrary local system files with SYSTEM privileges. No details of the vulnerability are provided at this...

Tenable Agent Elevation of Privilege Vulnerability

Tenable Agent is a vulnerability scanning program from Tenable USA. Tenable Agent has an elevation of privilege vulnerability, which originates from a non-administrative user deleting arbitrary local system files with SYSTEM privileges, and can be exploited by an attacker to tamper with the syste...

GNU Tar 安全漏洞

GNU Tar is a set of tools for creating tar-formatted files from the American GNU community. GNU Tar suffers from a directory traversal vulnerability that originates in a specially crafted TAR archive, which can be exploited by an attacker to access locations outside of restricted directories and...

PT-2025-28305 · Jhenggao · Ipublish System

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined, as the descriptions do not specify the software name and version. Description: The issue allows unauthenticated remote attackers to read arbitrary system files. Recommendations: At the moment, there is n...

CVE-2025-6210

The CVE concerns the ObsidianReader class in run-llama/llama_index, affecting version 0.12.27, where hardlink handling in load_data() can bypass path restrictions and allow access to sensitive files like /etc/passwd. The root cause is inadequate differentiation between real files and hardlinks, e...

Unspecified Vulnerability in Tenable Nessus

Tenable Nessus is a network vulnerability scanning tool developed by Tenable, Inc. to detect security vulnerabilities in networks and provide recommendations for fixing them. Tenable Nessus has a security vulnerability that can be exploited by an attacker to overwrite arbitrary local system files...

CVE-2025-36630

In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege...

CVE-2025-36630

CVE-2025-36630 affects Tenable Nessus on Windows, prior to version 10.8.5. A non‑administrative user could overwrite arbitrary local system files with log content, achieving SYSTEM privilege. Root cause details are not explicitly provided in the documents; exploitation status is not detailed. The...