87 matches found

Github Security Blog · added 2026/05/07 9:41 p.m. · 5 views

Microsoft APM CLI's plugin.json component paths escape plugin root and copy arbitrary host files during install

Summary Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but the implementation does not enforce that those paths remain inside the plugin directory. A...

CVSS 7.1 · AI score 5.9 · EPSS 0.00057
Exploits 0 · References 3 · Affected Software 1
Tenable Nessus · added 2026/05/01 12:00 a.m. · 0 views

Cisco Adaptive Security Appliance (ASA) Software Multiple Context File Copy (cisco-sa-asa-scpcxt-filecpy-rgeP73nE)

According to its self-reported version, Cisco ASA Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...

CVSS 7.2 · AI score 5.8 · EPSS 0.00006
Exploits 0 · References 4
Positive Technologies · added 2026/03/16 12:00 a.m. · 6 views

PT-2026-25856

Name of the Vulnerable Software and Affected Versions File Browser versions 2.61.2 and below Description File Browser, a file managing interface, has an issue where an authenticated user with Create or Rename permissions can bypass administrator-configured deny rules. This is due to the order in...

CVSS 6.5 · AI score 5.8 · EPSS 0.00019
Exploits 0 · References 8
ATTACKERKB · added 2026/03/04 5:22 p.m. · 5 views

CVE-2026-20062

A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance ASA Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files. This...

CVSS 7.2 · AI score 6 · EPSS 0.00006
Exploits 0 · References 2 · Affected Software 1
OSV · added 2026/02/05 3:20 a.m. · 1 view

GO-2026-4396 OpenList vulnerable to Path Traversal in file copy and remove handlers in github.com/OpenListTeam/OpenList

OpenList vulnerable to Path Traversal in file copy and remove handlers in github.com/OpenListTeam/OpenList...

CVSS 8.8 · AI score 5.4 · EPSS 0.00034
Exploits 1 · References 6
Positive Technologies · added 2026/02/05 12:00 a.m. · 3 views

PT-2026-6520

OpenList vulnerable to Path Traversal in file copy and remove handlers in github.com/OpenListTeam/OpenList...

CVSS 8.8 · AI score 5.5 · EPSS 0.00034
Exploits 1 · References 7
OSV · added 2026/02/04 7:40 p.m. · 4 views

CVE-2026-25161 Alist vulnerable to Path Traversal in multiple file operation handlers

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...

CVSS 8.8 · AI score 5.5 · EPSS 0.00035
Exploits 1 · References 4
OSV · added 2026/02/02 8:01 p.m. · 1 view

GHSA-QMJ2-8R24-XXCQ OpenList vulnerable to Path Traversal in file copy and remove handlers

Summary The application contains a Path Traversal vulnerability CWE-22 in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal sequences into filename components, enabling unauthorised file removal and copying across user...

CVSS 8.8 · AI score 5.7 · EPSS 0.00034
Exploits 1 · References 7
Snyk · added 2026/02/02 8:01 p.m. · 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the FsRemove and FsCopy functions. An attacker can access and manipulate files outside of their authorized directory by injecting traversal sequences into filename components. This allows unauthorized file remova...

CVSS 8.8 · AI score 6.4 · EPSS 0.00034
Exploits 1 · References 2
ATTACKERKB · added 2025/12/10 9:46 a.m. · 1 view

CVE-2025-7073

A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic...

CVSS 8.8 · AI score 6.4 · EPSS 0.0001
Exploits 0 · References 2
EUVD · added 2025/10/03 8:07 p.m. · 3 views

EUVD-2025-8754

Malicious code in bioql PyPI...

CVSS 6.9 · AI score 6.4 · EPSS 0.00121
Exploits 0 · References 4
PyPA · added 2025/05/30 6:15 a.m. · 5 views

PYSEC-2025-119

Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy a...

CVSS 7.5 · AI score 7.3 · EPSS 0.01469
Exploits 1 · References 1 · Affected Software 1
Positive Technologies · added 2025/05/29 12:00 a.m. · 2 views

PT-2025-23225 · Gradio

Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 5.31.0 Description: Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, API, or any arbitrary Python function. An arbitrary file copy...

CVSS 5.3 · AI score 6.7 · EPSS 0.01469
Exploits 1 · References 6
Fedora · added 2024/06/02 3:39 a.m. · 11 views

[SECURITY] Fedora 39 Update: rust-uu_tee-0.0.23-3.fc39

tee uutils display input and copy to FILE...

AI score 7.3
Exploits 0
Packet Storm · added 2024/05/14 12:00 a.m. · 329 views

Plantronics Hub 3.25.1 Arbitrary File Read

Exploit Title: Plantronics Hub 3.25.1 – Arbitrary File Read Date: 2024-05-10 Exploit Author: Farid Zerrouk from Deloitte Belgium, Alaa Kachouh from Mastercard Vendor Homepage: https://support.hp.com/us-en/document/ish9869257-9869285-16/hpsbpy03895 Version: Plantronics Hub for Windows version 3.25...

AI score 7.4 · EPSS 0.035
Exploits 4
0day.today · added 2024/05/13 12:00 a.m. · 214 views

Plantronics Hub 3.25.1 - Arbitrary File Read Vulnerability

Exploit Title: Plantronics Hub 3.25.1 – Arbitrary File Read Date: 2024-05-10 Exploit Author: Farid Zerrouk from Deloitte Belgium, Alaa Kachouh from Mastercard Vendor Homepage: https://support.hp.com/us-en/document/ish9869257-9869285-16/hpsbpy03895 Version: Plantronics Hub for Windows version 3.25...

CVSS 6.7 · AI score 7.1 · EPSS 0.035
Exploits 4
OSV · added 2024/02/02 2:15 a.m. · 3 views

CVE-2024-23746

Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that, in some environments, might be usable to bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents...

CVSS 9.8 · AI score 5.8 · EPSS 0.00819
Exploits 2 · References 4
Cvelist · added 2024/02/02 12:00 a.m. · 16 views

CVE-2024-23746

Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that, in some environments, might be usable to bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents...

AI score 9.3 · EPSS 0.00819
Exploits 2 · References 4
CVE · added 2023/12/12 12:00 a.m. · 3211 views

CVE-2023-28465

CVE-2023-28465 affects HL7 FHIR Core Libraries prior to 5.6.106. The vulnerability stems from the package‑decompression feature, allowing directory traversal that enables copying arbitrary files to certain directories when an attacker's chosen path contains a substring of an allowed directory nam...

CVSS 7.5 · AI score 7.7 · EPSS 0.00737
Exploits 0 · References 3 · Affected Software 1
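The Microsoft APM CLI, OpenList/Alist and HL7 FHIR entries above all describe one defect: a file-copy path is checked for containment by comparing strings (or not at all) rather than by resolving the path and comparing whole components. The block below is an added example, not code from any of those projects, that puts the flawed string-prefix check beside a hardened one and runs both over the three classic escapes: a `..` component, a sibling directory whose name merely starts with the allowed root (the "substring of an allowed directory name" case in CVE-2023-28465), and a symlink inside the root pointing outside it. The plugin/skills layout, file names and helper names (`naive_is_inside`, `is_inside`, `safe_copy`, `demo`) are constructed for illustration.

```python
import os
import shutil
import tempfile


def naive_is_inside(root: str, candidate: str) -> bool:
    """Flawed containment check of the kind the advisories describe: a plain
    string-prefix test. It accepts '<root>-evil/x' for '<root>', never
    collapses '..' and never looks through symlinks."""
    return candidate.startswith(root)


def is_inside(root: str, candidate: str) -> bool:
    """Hardened check: resolve symlinks and '..' on both sides, then compare
    whole path components instead of characters."""
    real_root = os.path.realpath(root)
    real_cand = os.path.realpath(candidate)
    try:
        return os.path.commonpath([real_root, real_cand]) == real_root
    except ValueError:  # mixed absolute/relative or different drives
        return False


def safe_copy(root: str, rel_src: str, dest_dir: str) -> str:
    """Copy a manifest-referenced component into dest_dir only if it really
    lives under root. Raises ValueError otherwise; returns the copied path."""
    src = os.path.join(root, rel_src)
    if not is_inside(root, src):
        raise ValueError(f"component path escapes root: {rel_src!r}")
    target = os.path.join(dest_dir, os.path.basename(src))
    shutil.copyfile(src, target)
    return target


def demo() -> dict:
    """Build a constructed plugin tree in a temp dir and run both checks over
    attacker-style inputs. Returns {case: (naive_verdict, hardened_verdict)}
    plus two booleans from safe_copy. The tree is constructed data."""
    base = tempfile.mkdtemp()
    try:
        root = os.path.join(base, "plugin")           # the allowed root
        os.makedirs(os.path.join(root, "skills"))
        os.makedirs(os.path.join(base, "plugin-evil"))  # sibling, shares prefix
        os.makedirs(os.path.join(base, "out"))
        with open(os.path.join(base, "secret.txt"), "w") as f:
            f.write("host-only data\n")              # must never be copied
        with open(os.path.join(root, "skills", "ok.md"), "w") as f:
            f.write("legit\n")
        os.symlink(os.path.join(base, "secret.txt"),
                   os.path.join(root, "skills", "link.md"))

        cases = {
            "legit":   os.path.join(root, "skills", "ok.md"),
            "dotdot":  os.path.join(root, "skills", "..", "..", "secret.txt"),
            "prefix":  os.path.join(base, "plugin-evil", "x.md"),
            "symlink": os.path.join(root, "skills", "link.md"),
        }
        results = {k: (naive_is_inside(root, p), is_inside(root, p))
                   for k, p in cases.items()}

        # Legitimate component is copied and its content survives.
        copied = safe_copy(root, os.path.join("skills", "ok.md"),
                           os.path.join(base, "out"))
        with open(copied) as f:
            results["copied"] = f.read() == "legit\n"

        # Traversal attempt is refused before any I/O happens.
        try:
            safe_copy(root, os.path.join("..", "secret.txt"), base)
            results["copy_refused"] = False
        except ValueError:
            results["copy_refused"] = True
        return results
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:13} {verdict}")
```

The naive check returns True for all three escapes, which is exactly the behaviour the OpenList/Alist, APM and FHIR reports describe; the hardened check only passes the legitimate file. Note that `realpath` plus `commonpath` is still a check at one instant: if an attacker can swap a component for a symlink between the check and the copy, an open-with-`O_NOFOLLOW`/`openat`-style design is needed rather than a path string test.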
OSV · added 2023/09/27 6:15 p.m. · 2 views

CVE-2023-20186

A vulnerability in the Authentication, Authorization, and Accounting AAA feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy...

CVSS 9.1 · AI score 5.8
Exploits 0 · References 1