53 matches found
CVE-2026-21668
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository...
Laravel File Manager 安全漏洞
Laravel File Manager is a Laravel file manager by Aleksandr Manekin Personal Developer. A security vulnerability exists in Laravel File Manager 3.3.1 and earlier versions, which stems from a directory traversal in the zip archive feature that could lead to arbitrary file manipulation...
CVE-2025-7719 Smallworld SWMFS Arbitrary File Ops
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in GE Vernova Smallworld on Windows, Linux allows File Manipulation.This issue affects Smallworld: 5.3.5. and previous versions...
EUVD-2010-4255
Malware in sbrugna...
EUVD-2025-16628
Malicious code in bioql PyPI...
CVE-2025-3224
Docker Desktop for Windows versions prior to 4.41.0 are affected by an Elevation of Privilege during the update process. The updater runs with high privileges and attempts to delete files under C:\ProgramData\Docker\config, a path that often does not exist and where normal users can create direct...
CVE-2024-46622
An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows arbitrary file creation, modification and deletion...
CVE-2024-46622
CVE-2024-46622 affects SecureAge Security Suite: vulnerable in versions 7.0.x < 7.0.38, 7.1.x < 7.1.11, 8.0.x < 8.0.18, and 8.1.x
CVE-2024-39581
Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to read, modify, and delete arbitrary files...
Hitachi Ops Center Common Services Security Vulnerability
Hitachi Ops Center Common Services is a component of Hitachi, Ltd. of Japan Hitachi that provides single sign-on functionality and a web portal for Ops Center products. A security vulnerability exists in Hitachi Ops Center Common Services versions prior to 11.0.2-00 that stems from incorrect...
CVE-2024-3322
A path traversal vulnerability exists in the 'cybersecurity/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in the 'processfolder' function within...
qdrant input validation failure
qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the...
PT-2024-33692 · Pagure +1 · Pagure +1
Name of the Vulnerable Software and Affected Versions: Pagure affected versions not specified Description: The issue concerns a symlink following vulnerability in Pagure's update file in git function, allowing for arbitrary file manipulation. Recommendations: At the moment, there is no informatio...
WordPress JetPack Plugin Arbitrary File Manipulation Vulnerability (CVE-2023-2996)
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:automattic:jetpack"; if description...
Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API
The plugin does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization. curl --json ' "media": "tmpname": "/WPCONTENTPATH/wp-config.php",...
Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API
The plugin does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization. PoC curl --json ' "media": "tmpname": "/WPCONTENTPATH/wp-config.php"...
SUSE SLES12 Security Update : php74 (SUSE-SU-2023:0072-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0072-1 advisory. - The GetCode function in gdgifin.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote...
CVE-2022-40264
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2 allows an unauthenticated attacker to create, tamper with or destroy arbitrary files by getting a legitimate user import a project package...
CVE-2021-26633
SQL injection and Local File Inclusion LFI vulnerabilities in MaxBoard can cause information leakage and privilege escalation. This vulnerabilities can be exploited by manipulating a variable with a desired value and inserting and arbitrary file...
Exploit for Improper Initialization in Linux Linux_Kernel
PoC exploit for CVE-2022-0847, a kernel arbitrary file manipulat...