3374 matches found
ManageEngine OpManager - Directory Traversal
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. id: CVE-2023-47211 info: name: ManageEngine...
EUVD-2026-43543
AnyDesk Support Information Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in orde...
CVE-2026-15681
AnyDesk Screen Recording Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order t...
CVE-2026-15682
AnyDesk Support Information Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in orde...
Telesquare TLR-2855KS6 - Arbitrary File Creation
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts. id: CVE-2021-46418 info: name: Telesquare TLR-2855KS6 - Arbitrary File Creation author: DhiyaneshDK severity: high description: | An unauthorized file creation vulnerability in...
CVE-2026-21053
Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...
CVE-2026-21053
CVE-2026-21053 describes an inability to properly validate input in Samsung Email before 6.2.13.1, allowing local attackers to create arbitrary files inside the app sandbox. Affected product/version: Samsung Email prior to 6.2.13.1. Root cause: improper input validation in the application. Impact...
EUVD-2026-42823
Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...
CVE-2026-55668
File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the nearest existing ancestor of a dangling symlink as in scope and then follows the symlink during file creation, allowing an authenticated user with Create and Modify permissions to create...
CVE-2026-3602
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of...
EUVD-2026-40385
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of...
mariadb: mbstream: Unauthorized file creation via path traversal
A flaw was found in MariaDB's mbstream utility. This vulnerability allows a highly privileged local attacker, who can provide a specially crafted archive, to create files outside of the intended target directory. This is due to mbstream not properly validating paths containing directory traversal...
mariadb: mbstream: Unauthorized file creation via path traversal
A flaw was found in MariaDB's mbstream utility. This vulnerability allows a highly privileged local attacker, who can provide a specially crafted archive, to create files outside of the intended target directory. This is due to mbstream not properly validating paths containing directory traversal...
mariadb: mbstream: Unauthorized file creation via path traversal
A flaw was found in MariaDB's mbstream utility. This vulnerability allows a highly privileged local attacker, who can provide a specially crafted archive, to create files outside of the intended target directory. This is due to mbstream not properly validating paths containing directory traversal...
mariadb: mbstream: Unauthorized file creation via path traversal
A flaw was found in MariaDB's mbstream utility. This vulnerability allows a highly privileged local attacker, who can provide a specially crafted archive, to create files outside of the intended target directory. This is due to mbstream not properly validating paths containing directory traversal...
PT-2026-53945
Name of the Vulnerable Software and Affected Versions IBM App Connect Enterprise versions 13.0.1.0 through 13.0.7.2 IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.26 IBM Integration Bus for z/OS versions 10.1.0.0 through 10.1.0.7 Description SQL injection allows a remote attacker to...
PT-2026-54046
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-24 Description An incorrect policy check allows remote attackers to bypass path policy restrictions in sandboxed conversion services. This flaw enables the creation or truncation of files that are disallowed...
mariadb: mbstream: Unauthorized file creation via path traversal
A flaw was found in MariaDB's mbstream utility. This vulnerability allows a highly privileged local attacker, who can provide a specially crafted archive, to create files outside of the intended target directory. This is due to mbstream not properly validating paths containing directory traversal...
CVE-2026-2299
CVE-2026-2299 affects the Mattermost Google Drive plugin prior to version 1.1.0. The file creation endpoint does not validate channel membership, allowing authenticated users with a connected Google account to share Google Drive files into unauthorized private channels and disclose private channe...
CVE-2026-53244
In the Linux kernel, the following vulnerability has been resolved: VFS: fix possible failure to unlock in nfsd4createfile atomiccreate in fs/namei.c drops the reference to the dentry when it returns an error. This behaviour was imported into dentrycreate so that it will drop the reference if an...