Synology Router Manager 路径遍历漏洞

Synology Router Manager SRM is a software used to configure and manage Synology routers from China-based Synology. A path traversal vulnerability exists in Synology Router Manager, which stems from the FileStation thumb cgi that allows remote authenticated users to read and write image files...

CVE-2025-42894

Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could read, write, overwrite, and delete arbitrary files on the host system. Successful exploitation could enable the attacker to execute arbitrary operating system...

CVE-2025-10918

CVE-2025-10918 affects Ivanti Endpoint Manager prior to version 2024 SU4. The vulnerability arises from insecure default permissions in the agent, allowing a locally authenticated attacker to write arbitrary files anywhere on disk (local impact, high severity). Connected sources also reference re...

CVE-2025-10918

Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk...

EUVD-2025-60985

Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could read, write, overwrite, and delete arbitrary files on the host system. Successful exploitation could enable the attacker to execute arbitrary operating system...

CVE-2025-42894

Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could read, write, overwrite, and delete arbitrary files on the host system. Successful exploitation could enable the attacker to execute arbitrary operating system...

PT-2025-46234

Name of the Vulnerable Software and Affected Versions SAP Business Connector affected versions not specified Description A Path Traversal issue exists in SAP Business Connector. An attacker with administrator privileges and adjacent access can read, write, overwrite, and delete arbitrary files on...

CVE-2025-58423

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account...

CVE-2025-58423 Advantech DeviceOn/iEdge Path Traversal

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account...

CVE-2025-3355 IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVE-2025-62725

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...

EUVD-2025-35740

A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the...

CVE-2025-61934 AutomationDirect Productivity Suite Binding to an Unrestricted IP Address CWE-1327

A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the...

CVE-2025-62424 ClipBucket path traversal vulnerability in template editor allows arbitrary file read and write

ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - 146 and earlier, the /adminarea/templateeditor.php endpoint is vulnerable to path traversal. The validation of the file-loading path is inadequate, allowing authenticated administrators to read and write arbitrary fil...

CVE-2025-62353

A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect prompt injection...

EUVD-2024-54937

Malicious code in bioql PyPI...

EUVD-2025-25690

Malicious code in bioql PyPI...

EUVD-2023-23567

Malicious code in bioql PyPI...

CVE-2025-9118

A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file...

Linux Distros Unpatched Vulnerability : CVE-2019-11246

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to...