4 matches found
CVE-2026-58166
OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversal vulnerability that allows unauthenticated remote attackers to write or delete arbitrary files by supplying a malicious multipart filename in the file upload endpoint. Attackers can send a crafted filename containing...
Check Point Harmony SASE 安全漏洞
Check Point Harmony SASE is a Secure Access Service edge application from Check Point Israel. A security vulnerability exists in Check Point Harmony SASE that originates when a local user can trigger a client to write or delete files outside of the expected certificate working directory...
CVE-2022-42002
SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete...
CVE-2024-7037 Arbitrary File Write/Delete Leading to RCE in open-webui/open-webui
In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHEDIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote cod...