3 matches found
CVE-2026-41180 PsiTransfer: Upload PATCH path traversal can create `config.<NODE_ENV>.js` and lead to code execution on restart
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In...
CVE-2025-62511 yt-grabber-tui local arbitrary file overwrite via TOCTOU race in config file creation
yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. yt-grabber-tui version 1.0 contains a Time-of-Check to Time-of-Use TOCTOU race condition CWE-367 in the creation of the default configuration file config.json. In version 1.0, loadjsonsettings in...
YtGrabber-TUI 安全漏洞
YtGrabber-TUI is the interface of a software by the individual developer of Женя Бородин. A security vulnerability exists in YtGrabber-TUI version 1.0, which stems from a TOCTOU competition condition during the creation of the default configuration file config.json, which could lead to arbitrary...