GHSA-3XJV-PMF2-GF2Q Flight has path traversal in `make:controller` CLI that creates arbitrary directories outside project root

Summary The make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name contains /, but the recursive directory creation side effect...

GHSA-469J-VMHF-R6V7 NLTK has a Downloader Path Traversal Vulnerability (AFO) - Arbitrary File Overwrite

Vulnerability Description The NLTK downloader does not validate the subdir and id attributes when processing remote XML index files. Attackers can control a remote XML index server to provide malicious values containing path traversal sequences such as ../, which can lead to: 1. Arbitrary Directo...

PT-2026-26300

Name of the Vulnerable Software and Affected Versions NLTK versions 3.9.3 and prior Description NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. The NLTK downloader does not validat...

CVE-2005-1884

Directory traversal vulnerability in the 1 rmdir or 2 mkdir commands in upload.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to create or delete arbitrary directories via a .. dot dot in the dir parameter...

WordPress WPvivid Backup & Migration plugin <= 0.9.120 - Authenticated (Admin+) Arbitrary Directory Creation vulnerability

Authenticated Admin+ Arbitrary Directory Creation vulnerability discovered by blue0x1 in WordPress Plugin WPvivid Backup and Migration versions = 0.9.120...

CVE-2025-12654

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. This is due to the checkfilesystempermissions function not properly restricting the directories that can be created, or in...

EUVD-2025-204659

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. This is due to the checkfilesystempermissions function not properly restricting the directories that can be created, or in...

CVE-2025-12654

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. This is due to the checkfilesystempermissions function not properly restricting the directories that can be created, or in...

CVE-2025-12654 Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.120 - Authenticated (Admin+) Arbitrary Directory Creation

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. This is due to the checkfilesystempermissions function not properly restricting the directories that can be created, or in...

CVE-2025-12654 Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.120 - Authenticated (Admin+) Arbitrary Directory Creation

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. This is due to the checkfilesystempermissions function not properly restricting the directories that can be created, or in...

WordPress plugin Migration, Backup, Staging – WPvivid Backup & Migration 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...

EUVD-2025-35735

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine...

CVE-2025-59776

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine...

EUVD-2024-18602

Malicious code in bioql PyPI...

EUVD-2022-5890

Malicious code in bioql PyPI...

EUVD-2024-2131

Malicious code in bioql PyPI...

SUSE-SU-2025:02534-1 Security update for salt

This update for salt fixes the following issues: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory traversal...

Security update 5.0.5 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal...

CVE-2025-22240

Arbitrary directory creation or file deletion. In the findfile method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgtenv” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to. Mitigation...

GHSA-XH32-3M67-QJGF Salt allows arbitrary directory creation or file deletion

Arbitrary directory creation or file deletion. In the findfile method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgtenv” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to...