Gogs's update .git/config file allows remote command execution
Summary: Due to the insufficient patch for https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7, it's still possible to update files in the .git directory and achieve remote command execution. Details: Function UpdateRepoFile security check under some if conditions. While...
CVE-2024-2528
A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-rooms.php. The manipulation of the argument roomid leads to sql injection. It is possible to initiate the attack...
CVE-2025-8110 File overwrite in file update API in Gogs
Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code...
MAL-2025-167301 Malicious code in teagood-nakamala37 (npm)
Source: amazon-inspector ca2d30a27f69099744d4fcdcaf1e82416134574faa51c4a41426b1e5beaf16ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-153687 Malicious code in billa-37 (npm)
Source: amazon-inspector 521364930eb4d57f7fac3ad981ca3260b96011a1f7e744fde3e9ad3659b732c6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-107114 Malicious code in pleased_wren-appteadev (npm)
Source: amazon-inspector 187ce5b616e77e40122236bbb7d8729d1c1f87ce7b05b3a3b3860a0b44f1595b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2008-2875
Malware in sbrugna...
EUVD-2012-4600
Malware in sbrugna...
EUVD-2025-11515
Malicious code in bioql PyPI...
EUVD-2022-45105
Malicious code in bioql PyPI...
EUVD-2024-3608
Malicious code in bioql PyPI...
CVE-2025-55746
Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files'...
Directus allows unauthenticated file upload and file modification due to lacking input sanitization
Summary: A vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files' database-resident metadata and / or upload new files, with arbitrary content and extensions, which won't...
CVE-2025-55746
Directus vulnerability (CVE-2025-55746) affects Directus real-time API/dashboard. From 10.8.0 to before 11.9.3, an issue in the file update mechanism lets an unauthenticated actor modify existing files with arbitrary content and/or upload new files (with arbitrary extensions) without updating dat...
CVE-2025-55746 Directus allows unauthenticated file upload and file modification due to lacking input sanitization
Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files'...
Directus security vulnerability
Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. A security vulnerability exists in Directus versions from 10.8.0 to before 11.9.3 that stems from a file update mechanism that allows unauthenticated actors to modify...
CVE-2024-3686
A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file updateguide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can be launched remotely. The...
NetScaler Error: "Unable to complete System File Update request" while saving custom portal theme
On the NetScaler GUI getting the error "Unable to complete System File Update request" while editing and saving the portal theme...
CVE-2025-3294
The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected...