397 matches found
CVE-2026-22914
CVE-2026-22914 affects the SICK TDC-X401GL product per the PSIRT entry. The available documentation states that an attacker with limited permissions may write files to specific locations on the device, potentially enabling system manipulation. The Red Hat and CVE pages reiterate the same descript...
EUVD-2026-2819
An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation...
CVE-2026-22914
An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation...
PT-2026-2995
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: An attacker with limited permissions may be able to write files to specific locations on a device, potentially leading to system manipulation. Recommendations: At the moment, there is no information...
SICK TDC-X401GL has security vulnerabilities
The SICK TDC-X401GL is an edge computing gateway developed by the German company SICK. The SICK TDC-X401GL has a security vulnerability. This vulnerability allows attackers with limited permissions to still write files to specific locations on the device, potentially leading to system manipulation...
PT-2026-2858
Name of the Vulnerable Software and Affected Versions: Harmony SASE Windows client, affected versions not specified. Description: A local user can trigger the software to write or delete files outside the intended certificate working directory. Recommendations: At the moment, there is no information...
CVE-2021-47751
CuteEditor for PHP now referred to as Rich Text Editor 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath function by renaming uploaded HTML files using...
CVE-2025-59469
This vulnerability allows a Backup or Tape Operator to write files as root...
CVE-2025-68697 Self-hosted n8n has Legacy Code node that enables arbitrary file read/write
n8n is an open source workflow automation platform. Prior to version 2.0.0, in self-hosted n8n instances where the Code node runs in legacy non-task-runner JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node...
PT-2025-53368
Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges,...
CVE-2025-68478
Langflow CVE-2025-68478 affects versions prior to 1.7.0. An authenticated user can specify an arbitrary path in the request body fs_path; the server serializes the Flow to JSON and writes it to that path without path validation or directory restrictions. This enables potential overwriting or crea...
CVE-2025-40898
CVE-2025-40898 describes a path traversal in Nozomi Networks Guardian/CMC (Import Arc data archive) where an authenticated user with limited privileges can upload a crafted Arc archive to write arbitrary files and alter device configuration or affect availability. Multiple connected sources confi...
EUVD-2025-202288
Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required...
CVE-2025-40830
A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the filetransfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...
CVE-2025-13661
Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required...
PT-2025-49839
A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the file transfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...
CVE-2025-8074
Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users to write arbitrary files with non-sensitive information via unspecified vectors...