
175 matches found

Positive Technologies
added 2025/08/29 12:0 a.m. | 1 view

PT-2025-35242

Name of the Vulnerable Software and Affected Versions: Diebold Nixdorf Vynamic Security Suite versions through 4.3.0 SR06
Description: The software contains functionality that allows the removal of critical system files before the filesystem is properly mounted, such as using a delete call in...

8.1 CVSS | 7.1 AI score | 0.00127 EPSS
Exploits 1 | References 6
OSV
added 2025/08/26 11:15 p.m. | 0 views

CVE-2025-35115

Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30...

9.2 CVSS | 5.8 AI score | 0.00035 EPSS
Exploits 0 | References 3
CVE
added 2025/08/26 10:18 p.m. | 11 views

CVE-2025-35115

CVE-2025-35115 affects Agiloft Release 28, where critical system package downloads occur over insecure HTTP, enabling a MITM attacker to replace or modify the download URL contents. Root cause: lack of secure transport during package retrieval. Impact per sources: potential integrity and confiden...

9.2 CVSS | 6.5 AI score | 0.00035 EPSS
Exploits 0 | References 3 | Affected Software 1
CVE
added 2025/06/22 11:31 a.m. | 12 views

CVE-2025-6474

The CVE-2025-6474 entry concerns code-projects Inventory Management System 1.0 and the vulnerable file /changeUsername.php. Multiple connected reports confirm that the vulnerability is a SQL injection caused by unsafely handling the user_id parameter, enabling remote exploitation and potentially ...

9.8 CVSS | 7.6 AI score | 0.00204 EPSS
Exploits 1 | References 5 | Affected Software 1
RedhatCVE
added 2025/04/05 10:39 p.m. | 13 views

CVE-2025-3183

A vulnerability has been found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /patient/patientupdateprofile.php. The manipulation of the argument patientFirstName leads to sql injection. The attack can ...

9.8 CVSS | 7.9 AI score | 0.0028 EPSS
Exploits 1 | References 1
Github Security Blog
added 2025/03/20 12:32 p.m. | 7 views

InvokeAI Arbitrary File Deletion vulnerability

In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...

9.1 CVSS | 9.2 AI score | 0.00911 EPSS
Exploits 0 | References 4 | Affected Software 1
OSV
added 2025/03/20 12:32 p.m. | 5 views

GHSA-227R-W5J2-6243 InvokeAI Arbitrary File Deletion vulnerability

In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...

9.1 CVSS | 7.1 AI score | 0.00911 EPSS
Exploits 0 | References 4
OSV
added 2025/03/20 10:15 a.m. | 7 views

CVE-2024-11042

In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...

9.1 CVSS | 7.1 AI score
Exploits 0 | References 2
Cvelist
added 2025/03/20 10:9 a.m. | 7 views

CVE-2024-10361 Arbitrary File Deletion via Path Traversal in danny-avila/librechat

An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /api/files endpoint. This vulnerability arises from improper input validation, allowing path traversal techniques to delete arbitrary files on the server. Attackers can exploit thi...

8.1 CVSS | 0.00072 EPSS
Exploits 1 | References 2
CVE
added 2025/03/20 10:8 a.m. | 44 views

CVE-2024-11042

CVE-2024-11042 affects invoke-ai/invokeai v5.0.2. The web API endpoint POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion, enabling an attacker to delete arbitrary server files (e.g., SSH keys, SQLite databases, configuration files), potentially compromising integrity and availa...

9.1 CVSS | 9.3 AI score | 0.00911 EPSS
Exploits 0 | References 2
RedhatCVE
added 2025/02/28 4:25 p.m. | 3 views

CVE-2025-20119

A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is du...

6 CVSS | 6.5 AI score | 0.00041 EPSS
Exploits 0 | References 1
CVE
added 2025/01/28 5:17 p.m. | 56 views

CVE-2025-23054

CVE-2025-23054 affects the web-based management interface of HPE Aruba Networking Fabric Composer. It describes an authenticated low-privilege operator who can perform operations outside their privilege level, potentially leading to manipulation of user-generated files and unauthorized changes to...

6.5 CVSS | 6.3 AI score | 0.00128 EPSS
Exploits 0 | References 1 | Affected Software 1
Github Security Blog
added 2025/01/28 12:31 p.m. | 19 views

CRI-O Path Traversal vulnerability

A vulnerability was found in CRI-O. A path traversal issue in the log management functions UnMountPodLogs and LinkContainerLogs may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system...

6.6 CVSS | 7.2 AI score | 0.00054 EPSS
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2025/01/21 8:52 p.m. | 9 views

CVE-2025-21510

...

7.5 CVSS | 0.00459 EPSS
Exploits 0 | References 1
NVD
added 2024/10/29 1:15 p.m. | 16 views

CVE-2024-5823

A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions = 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes in system behavior...

9.1 CVSS | 0.00103 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2024/10/14 12:0 a.m. | 34 views

Amazon Linux 2023 : clamav, clamav-data, clamav-devel (ALAS2023-2024-737)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-737 advisory. A vulnerability in the PDF parsing module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x...

7.5 CVSS | 6.3 AI score | 0.0089 EPSS
Exploits 0 | References 6
Hacker One
added 2024/09/21 4:5 p.m. | 2 views

MacTaggart Scott: Overwrite any file of the web server

The web server was vulnerable to file overwrite due to a vulnerable module used to generate files. An attacker could have overwritten any file on the web server, including critical system files, by sending a specially crafted request...

7 AI score
Exploits 0
OSV
added 2024/09/04 10:15 p.m. | 4 views

DEBIAN-CVE-2024-20506

A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...

6.1 CVSS | 6.1 AI score | 0.00036 EPSS
Exploits 0 | References 1
OSV
added 2024/09/04 10:15 p.m. | 0 views

AZL-48665 CVE-2024-20506 affecting package clamav for versions less than 1.0.7-1

A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...

6.1 CVSS | 5.7 AI score | 0.00036 EPSS
Exploits 0 | References 1
OSV
added 2024/09/04 10:15 p.m. | 1 view

AZL-48624 CVE-2024-20506 affecting package clamav for versions less than 1.0.7-1

A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...

6.1 CVSS | 5.7 AI score | 0.00036 EPSS
Exploits 0 | References 1