CVE-2023-53879 NVClient 5.0 Stack Buffer Overflow Vulnerability via User Configuration

NVClient 5.0 contains a stack buffer overflow vulnerability in the user configuration contact field that allows attackers to crash the application. Attackers can overwrite 846 bytes of memory by pasting a crafted payload into the contact box, causing a denial of service condition...

GO-2025-4221 SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE in github.com/siyuan-note/siyuan/kernel

SiYuan: ZipSlip - Arbitrary File Overwrite - RCE in github.com/siyuan-note/siyuan/kernel...

PT-2025-51297

Name of the Vulnerable Software and Affected Versions NVClient version 5.0 Description NVClient 5.0 contains a stack buffer overflow in the user configuration contact field. An attacker can overwrite 846 bytes of memory by pasting a crafted payload into the contact box, leading to a denial of...

Improper Access Control

apacheairflow is vulnerable to improper access control. The vulnerability is due to insufficient authorization checks in the bulk create API with the overwrite action, which allows an attacker with only CREATE privileges to update existing Pools, Connections, and Variables without having UPDATE...

Arbitrary File Upload

pytorch-lightning is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation of filenames in the /api/v1/uploadfile/ endpoint, which allows an attacker to overwrite arbitrary files and potentially execute malicious code...

Path Traversal

Grav is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of the username path during user creation, where Grav writes the account YAML file to an unintended location outside user/accounts/ when a username contains path traversal sequences, allowing attackers to...

Directory Traversal

org.craftercms, crafter-studio is vulnerable to Directory Traversal. The vulnerability is due to improper validation of file path inputs, which allows an unauthenticated attacker to overwrite arbitrary files on the operating system via crafted path traversal sequences, potentially leading to Remo...

CVE-2025-65530

An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file...

CVE-2025-36932

In tracepointmsghandler of cpm/google/lib/tracepoint/tracepointipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2025-203095

An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file...

CVE-2025-66429

An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user...

CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

Weaviate 安全漏洞

Weaviate is an open source vector database from Weaviate Open Source. A security vulnerability exists in Weaviate versions prior to 1.33.4, which originates from an attacker who can escape the root directory during backup restoration using absolute path or directory traversal, potentially resulti...

CloudLinux OS 安全漏洞

CloudLinux OS is an operating system from the American company CloudLinux. A security vulnerability exists in CloudLinux OS versions prior to 32.7.4, which stems from an eval injection in malware anti-obfuscation routines that allows an attacker to overwrite arbitrary files by scanning specially...

PT-2025-50945

Name of the Vulnerable Software and Affected Versions CloudLinux ai-bolit versions prior to 32.7.4 Description An eval injection exists in the malware de-obfuscation routines. This allows attackers to overwrite arbitrary files as root by scanning a crafted file. The issue affects the de-obfuscati...

CVE-2025-65530

An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file...

CVE-2025-65530

CVE-2025-65530 describes an eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit, affecting versions prior to 32.7.4. The vulnerability enables attackers to overwrite arbitrary files as root by scanning a crafted file, as stated in Red Hat, ENISA, NVD, CIRCL, CVE List, and...

CVE-2025-65530

An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file...

CVE-2025-66429

An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user...

CVE-2025-66429

An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user...