Lucene search
K

68 matches found

CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

pip 安全漏洞

pip is a Python package installer developed by the Python Packaging Authority. There is a security vulnerability in pip, which arises from the use of a specially crafted entry point name during the installation of malicious Python wheels. This can lead to arbitrary file overwriting...

4.1CVSS5.9AI score0.0032EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.10 views

WordPress plugin Perfmatters 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.9AI score0.00408EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.12 views

Directus 安全漏洞

Directus is an open-source real-time API and application dashboard developed by Directus. It is used to manage SQL database content. Versions of Directus prior to 11.16.1 contained a security vulnerability. This vulnerability stemmed from the TUS recoverable upload endpoint, which only performed...

8.1CVSS6AI score0.00302EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/25 7:38 p.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the readDir API endpoint. An attacker can access and enumerate arbitrary directories and retrieve file names by sending crafted requests to the endpoint. Details A Directory Traversal attack also known as path...

9.8CVSS6.9AI score0.0066EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.8 views

BusyBox 安全漏洞

BusyBox is a set of applications developed by Denis Vlasenko from Ukraine. It contains multiple Linux commands and tools. BusyBox has a security vulnerability, which stems from an incomplete cleanup of the archive extraction tool’s path. This could lead to arbitrary file overwriting when extracti...

7CVSS7.3AI score0.00682EPSS
Exploits2References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-18258

Malicious code in bioql PyPI...

6.9CVSS6.9AI score0.00369EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-8459

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00621EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.6 views

OpenAI Codex CLI 安全漏洞

OpenAI Codex CLI is an OpenAI open source lightweight coding agent software that runs in the terminal. A security vulnerability exists in OpenAI Codex CLI that stems from the fact that use of Codex CLI in a malicious context could lead to arbitrary file overwriting and potential remote code...

8.8CVSS7.8AI score0.00782EPSS
Exploits0References2
NVD
NVD
added 2025/06/13 9:15 a.m.19 views

CVE-2025-36506

External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If an attacker sends a specially crafted request, arbitrary files in the file system can be overwritten with log data...

6.9CVSS0.00369EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 9:37 p.m.15 views

CVE-2021-25833

A file extension handling issue was found in server module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary file overwriting. Using this vulnerability, a remote attacker can obtain remote code executi...

9.8CVSS7.9AI score0.43534EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:24 a.m.8 views

CVE-2019-11458

An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction...

7.5CVSS6.9AI score0.02058EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:3 a.m.6 views

CVE-2009-2169

Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control pdfviewer.ocx in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect argument and a target filename argument to the...

9.3CVSS7.7AI score0.04497EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.7 views

PT-2025-16933 · WordPress · Wp Editor

Name of the Vulnerable Software and Affected Versions: WP Editor plugin for WordPress versions up to and including 1.2.9.1 Description: The WP Editor plugin for WordPress is susceptible to arbitrary file update due to a missing file path validation. This allows authenticated attackers with...

7.2CVSS8.1AI score0.00819EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2025/03/17 9:26 p.m.50 views

zip Incorrectly Canonicalizes Paths during Archive Extraction Leading to Arbitrary File Write

Summary In the archive extraction routine of affected versions of the zip crate, symbolic links earlier in the archive are allowed to be used for later files in the archive without validation of the final canonicalized path, allowing maliciously crafted archives to overwrite arbitrary files in th...

7.3CVSS7.2AI score0.005EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2024/10/22 12:0 a.m.2 views

Trend Micro VPN 安全漏洞

Trend Micro VPN is a best-of-breed virtual private network service from Trend Micro. A security vulnerability exists in Trend Micro VPN version 5.8.1012 and prior versions, which stems from a vulnerability to arbitrary file overwriting under certain conditions, resulting in elevated privileges...

7.8CVSS6.9AI score0.01017EPSS
Exploits0References4
Apple
Apple
added 2024/07/29 12:0 a.m.60 views

About the security content of macOS Ventura 13.6.8

About the security content of macOS Ventura 13.6.8 This document describes the security content of macOS Ventura 13.6.8. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

8.6CVSS8.8AI score0.99506EPSS
Exploits73References1Affected Software1
NVD
NVD
added 2024/05/29 2:15 p.m.24 views

CVE-2024-25975

The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is...

6.5CVSS6.5AI score0.00592EPSS
Exploits1References3
NVD
NVD
added 2023/04/20 9:15 p.m.30 views

CVE-2023-28458

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Organizers can trigger the overwriting with the standard pretalx 404 page content of an arbitrary file...

4.3CVSS4.7AI score0.03429EPSS
Exploits3References4
RedHat Linux
RedHat Linux
added 2022/01/06 6:43 p.m.2 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...

8.6CVSS7.4AI score0.03286EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/08/31 12:0 a.m.5 views

NPM arborist 后置链接漏洞

NPM arborist is a software package from the American company npm NPM. It is used to visualize hierarchical data stored as flat lists. A backlink vulnerability exists in arborist that allows an attacker to perform arbitrary file creation, arbitrary file overwriting, and arbitrary code execution...

8.2CVSS8AI score0.00576EPSS
Exploits0References15
Rows per page
Query Builder