14 matches found

OSV
added 2026/02/02 3:16 p.m., 0 views

UBUNTU-CVE-2026-1703

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

CVSS 2, AI score 5.8, EPSS 0.00026
Exploits: 1, References: 5

Cvelist
added 2026/02/02 2:43 p.m., 27 views

CVE-2026-1703 Limited path traversal when installing wheel archives

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

CVSS 2, EPSS 0.00026
Exploits: 1, References: 3

RedhatCVE
added 2025/12/05 9:34 p.m., 2 views

CVE-2025-54307

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. The /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bundle/upload/ endpoints allow low-privilege users to upload ZIP files to the server. The pluploadfileupload function handles these fil...

CVSS 8.8, AI score 8.3, EPSS 0.0028
Exploits: 0, References: 1

OSV
added 2025/12/04 3:15 p.m., 0 views

CVE-2025-54307

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. The /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bundle/upload/ endpoints allow low-privilege users to upload ZIP files to the server. The pluploadfileupload function handles these fil...

CVSS 8.8, AI score 6.6, EPSS 0.0028
Exploits: 0, References: 3

EUVD
added 2025/12/04 12:00 a.m., 1 views

EUVD-2025-201174

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. The /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bundle/upload/ endpoints allow low-privilege users to upload ZIP files to the server. The pluploadfileupload function handles these fil...

AI score 7.8, EPSS 0.0028
Exploits: 0, References: 4

Cvelist
added 2025/12/04 12:00 a.m., 17 views

CVE-2025-54307

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. The /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bundle/upload/ endpoints allow low-privilege users to upload ZIP files to the server. The pluploadfileupload function handles these fil...

EPSS 0.0028
Exploits: 0, References: 3

Positive Technologies
added 2025/12/04 12:00 a.m., 2 views

PT-2025-49044

Name of the Vulnerable Software and Affected Versions Thermo Fisher Torrent Suite version 5.18.1 Description The Django application within Thermo Fisher Torrent Suite has a flaw related to file uploads. The /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bundle/upload/ API...

CVSS 8.8, AI score 7.8, EPSS 0.0028
Exploits: 0, References: 8

RedhatCVE
added 2025/05/23 8:33 a.m., 2 views

CVE-2024-50592

An attacker with local access to the medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. When using the repair function, the service queries the server for a lis...

CVSS 7, AI score 7.4, EPSS 0.00132
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 7:43 p.m., 3 views

CVE-2021-31859

Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allow local user privilege escalation by overwriting the executable file via an alternative data stream...

CVSS 7.8, AI score 7, EPSS 0.00113
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 1:46 p.m., 7 views

CVE-2020-13539

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via “WIN-911 Mobile Runtime” service. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of t...

CVSS 9.3, AI score 6.9, EPSS 0.00055
Exploits: 1

ATTACKERKB
added 2022/10/06 6:15 p.m., 1 views

CVE-2022-26237

The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data...

CVSS 5.5, AI score 5.9, EPSS 0.00038
Exploits: 0, References: 3

CNNVD
added 2022/10/06 12:00 a.m., 4 views

Beckman Coulter Remisol Advance Security Vulnerability

Beckman Coulter Remisol Advance is a leading middleware solution for clinical laboratories, bridging laboratory information systems (LIS) and instrumentation from Beckman Coulter, Inc. A security vulnerability exists in Beckman Coulter Remisol Advance v2.0.12.1 and prior versions, which stems from...

CVSS 5.5, AI score 5.8, EPSS 0.00052
Exploits: 0, References: 3

CNVD
added 2017/12/12 12:00 a.m., 1 views

Mobotap Dolphin Browser for Android Arbitrary File Write Vulnerability

Mobotap Dolphin Browser for Android is a web browser for the Android platform from MoboTap. An arbitrary file write vulnerability exists in version 12.0.2 of Mobotap Dolphin Browser for Android. An attacker can exploit this vulnerability to overwrite executable files in the Dolphin Browser data...

CVSS 8.8, AI score 7.2, EPSS 0.00315
Exploits: 0, References: 1

securityvulns
added 2011/07/06 12:00 a.m., 32 views

Cisco VPN client weak permissions

Weak installation permissions allow an unprivileged user to overwrite executable...

AI score 4.1
Exploits: 0, References: 1