41 matches found
CVE-2025-61037
A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The flaw is a Time-of-Check Time-of-Use TOCTOU race condition in the license management logic. The regService process, which runs with SYSTEM privileges, creates a fixed directory and writes files...
CVE-2025-65213
MooreThreads torchmusa through all versions contains an unsafe deserialization vulnerability in torchmusa.utils.comparetool. The compareforsingleop and naninftrackforsingleop functions use pickle.load on user-controlled file paths without validation, allowing arbitrary code execution. An attacker...
CMSimple_XH 安全漏洞
CMSimpleXH is a PHP-based content management system derived from the original CMSimple project and belongs to its offshoot version. CMSimpleXH suffers from a cross-site scripting vulnerability that stems from not cleaning or coding path segments under the control of an attacker, no details of the...
EUVD-2021-8461
Malicious code in bioql PyPI...
CVE-2021-33724
A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an arbitrary file or directory under a user controlled path...
Ollama 安全漏洞
Ollama is a large language model that can be started and run locally from the Ollama open source. A security vulnerability exists in Ollama versions prior to 0.1.34, which stems from the CreateModelHandler function reading a file using os.Open, where the req.Path parameter can be controlled by th...
CVE-2022-30636
httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator \ vs. /, allowing a user to provide a relative path, i.e...
Cisco Crosswork Network Services Orchestrator 安全漏洞
Cisco Crosswork Network Services Orchestrator is a network services orchestrator from Cisco USA. A security vulnerability exists in Cisco Crosswork Network Services Orchestrator that originates from the use of a user-controlled search path to locate executables, allowing an authenticated, local...
GO-2023-1713 Path traversal in github.com/sjqzhang/go-fastdfs
An attacker can craft a remote request to upload a file to "/group1/upload" that uses path traversal to instead write the file contents to an attacker controlled path on the server...
CVE-2023-28892
Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleanerDebug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link...
CVE-2023-28892
Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleanerDebug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link...
CVE-2022-35868
A vulnerability has been identified in TIA Multiuser Server V14 All versions, TIA Multiuser Server V15 All versions V15.1 Update 8, TIA Project-Server All versions V1.1, TIA Project-Server V16 All versions, TIA Project-Server V17 All versions V17 Update 6. Affected applications contain an untrust...
PT-2023-18667 · Act · Act
Name of the Vulnerable Software and Affected Versions: act versions prior to 0.2.40 Description: The artifact server in act does not sanitize path inputs, allowing an attacker to download and overwrite arbitrary files on the host from a Github Action, potentially leading to privilege escalation...
CVE-2022-36991
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path o...
CVE-2022-36991
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path o...
Dompdf 安全漏洞
Dompdf is an HTML to PDF converter. A security vulnerability exists in Dompdf versions prior to 2.0.0, which originates from an externally controlled filename or path...
Siemens SINEC NMS Path Traversal Vulnerability (CNVD-2021-77583)
SINEC NMS is Siemens' network management system for monitoring and managing industrial networks. A path traversal vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1. The vulnerability stems from the fact that the affected system allows arbitrary files to be downloaded under...
CVE-2021-33724
A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an arbitrary file or directory under a user controlled path...
CVE-2021-33725
A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system allows to delete arbitrary files or directories under a user controlled path and does not correctly check if the relative path is still within the intended target directory...
CVE-2021-33724
A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an arbitrary file or directory under a user controlled path...