54 matches found

RedhatCVE
added 2026/04/15 7:23 p.m. · 3 views

CVE-2026-33698

Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals...

CVSS 9.8 · AI score 5.8 · EPSS 0.00122
Exploits: 0 · References: 1

RedhatCVE
added 2026/03/26 3:12 p.m. · 1 view

CVE-2026-21001

Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege...

CVSS 5.9 · AI score 5.8 · EPSS 0.0003
Exploits: 0 · References: 1

EUVD
added 2026/03/16 3:30 p.m. · 1 view

EUVD-2026-12319

Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege...

CVSS 5.9 · AI score 5.8 · EPSS 0.0003
Exploits: 0 · References: 2

NVD
added 2026/03/16 2:18 p.m. · 1 view

CVE-2026-21000

Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege...

CVSS 7 · EPSS 0.00029
Exploits: 0 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2005-0215

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.01302
Exploits: 1 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2006-3853

Malware in sbrugna...

CVSS 4 · AI score 6.4 · EPSS 0.00361
Exploits: 1 · References: 6

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2012-0724

Malware in sbrugna...

CVSS 7.2 · AI score 6.4 · EPSS 0.00058
Exploits: 0 · References: 6

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-27855

Malicious code in bioql PyPI...

AI score 6.6 · EPSS 0.00052
Exploits: 0 · References: 1

NVD
added 2025/08/27 5:15 p.m. · 1 view

CVE-2025-20295

A vulnerability in the CLI of Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to read or create a file or overwrite any file on the file system of the underlying operating system of an affected device, including system files. This vulnerabili...

CVSS 6 · EPSS 0.00035
Exploits: 0 · References: 1

OSV
added 2025/07/10 3:15 p.m. · 1 view

ALPINE-CVE-2025-46835

Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permissio...

CVSS 8.5 · AI score 6.8 · EPSS 0.00037
Exploits: 0 · References: 1

OSV
added 2025/06/23 12:15 p.m. · 2 views

CVE-2025-52922

Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated attacker with access to the admin panel could abuse this to: (1) fully map the filesystem structure via the /api/filemanager/files?basefolder= endpoint, (2) create arbitrary directories on the server via...

CVSS 7.4 · AI score 6.9
Exploits: 0 · References: 2

Cvelist
added 2025/06/23 12:0 a.m. · 8 views

CVE-2025-52922

Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated attacker with access to the admin panel could abuse this to: (1) fully map the filesystem structure via the /api/filemanager/files?basefolder= endpoint, (2) create arbitrary directories on the server via...

CVSS 7.4 · EPSS 0.00542
Exploits: 0 · References: 2

Vulnrichment
added 2025/01/11 2:59 a.m. · 10 views

CVE-2025-0103 Expedition: SQL Injection Vulnerability

An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on...

CVSS 9.2 · AI score 7.8 · EPSS 0.00618
Exploits: 0 · References: 1

OSV
added 2024/05/05 3:15 a.m. · 3 views

DEBIAN-CVE-2024-34490

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...

CVSS 5.1 · AI score 5.7 · EPSS 0.0002
Exploits: 0 · References: 1

F5 Networks
added 2023/02/21 6:54 p.m. · 106 views

K55580033: iControl REST vulnerability CVE-2022-35728

Security Advisory Description: An authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. CVE-2022-35728. Impact: A remote unauthenticated attacker may be able to reuse, for a limited time, an authenticated user's iControl REST...

CVSS 9.8 · AI score 9.2 · EPSS 0.0068
Exploits: 0 · Affected Software: 17

Veracode
added 2022/08/02 6:8 a.m. · 13 views

Path Traversal

org.dspace:dspace-jspui is vulnerable to path traversal. The vulnerability exists due to the resumable upload implementations in SubmissionController and FileUploadRequest components, which allows an attacker to modify request parameters during submission and create files or directories anywhere ...

CVSS 8.2 · AI score 6.8 · EPSS 0.0083
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2022/06/15 7:15 p.m. · 3 views

CVE-2022-31217

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation o...

CVSS 7.8 · AI score 7.2 · EPSS 0.00058
Exploits: 0 · References: 1

Positive Technologies
added 2022/06/15 12:0 a.m. · 2 views

PT-2022-20616 · Unknown · Drive Composer

Name of the Vulnerable Software and Affected Versions: Drive Composer (affected versions not specified). Description: The issue allows a low-privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content, provided the file does not already exist...

CVSS 7.8 · AI score 7 · EPSS 0.00058
Exploits: 0 · References: 5

CNNVD
added 2022/06/15 12:0 a.m. · 1 view

ABB Mint WorkBench security vulnerability

ABB Mint WorkBench is a single Windows tool from ABB Switzerland that is compatible with the ABB family of motion controllers and servo drives. A security vulnerability exists in ABB Mint WorkBench 5866 and prior versions that allows a low-privileged attacker to create and write...

CVSS 7.8 · AI score 7.3 · EPSS 0.00031
Exploits: 0 · References: 5

Veracode
added 2022/02/03 8:54 a.m. · 31 views

Path Traversal

org.neo4j.procedure:apoc is vulnerable to path traversal. A remote attacker is able to retrieve and download files from outside the authorized directory and under some circumstances to also create files on the affected server resulting in path traversal vulnerability...

CVSS 9.1 · AI score 5 · EPSS 0.00716
Exploits: 0 · References: 8 · Affected Software: 1