
15898 matches found

OSV
added 2025/10/17 7:55 p.m. | 3 views

CVE-2025-62511 yt-grabber-tui local arbitrary file overwrite via TOCTOU race in config file creation

yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. yt-grabber-tui version 1.0 contains a Time-of-Check to Time-of-Use (TOCTOU) race condition (CWE-367) in the creation of the default configuration file config.json. In version 1.0, load_json_settings in...

CVSS 6.3 | AI score 6.5 | EPSS 0.00101
Exploits: 0 | References: 4

CVE
added 2025/10/17 7:55 p.m. | 11 views

CVE-2025-62511

CVE-2025-62511 concerns yt-grabber-tui (C++ TUI app for YouTube downloads). In version 1.0, the loader (Settings.hpp: load_json_settings) checks for config.json with boost::filesystem::exists and, if missing, writes a default configuration via boost::property_tree::write_json. A local attacker wi...

CVSS 6.3 | AI score 6.2 | EPSS 0.00101
Exploits: 0 | References: 2

OSV
added 2025/10/17 4:15 p.m. | 1 views

UBUNTU-CVE-2025-57567

A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically in the minify.php file located under the default theme directory /themes/defaut/css/minify.php. An authenticated administrator user can overwrite this file with arbitrary PHP code via the admin panel,...

CVSS 9.1 | AI score 6.5 | EPSS 0.00895
Exploits: 0 | References: 4

Veracode
added 2025/10/16 7:7 a.m. | 4 views

Path Traversal

monai is vulnerable to Path Traversal (Zip Slip). The vulnerability is due to extracting user-controlled paths without sanitization; an attacker can supply a crafted or downloadable ZIP to overwrite system files or drop malicious code...

CVSS 8.8 | AI score 6.9 | EPSS 0.00568
Exploits: 1 | References: 5 | Affected Software: 1

RedhatCVE
added 2025/10/15 9:42 p.m. | 3 views

CVE-2025-62156

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic...

CVSS 8.1 | AI score 6.6 | EPSS 0.00539
Exploits: 1 | References: 7

RedhatCVE
added 2025/10/15 4:43 p.m. | 3 views

CVE-2025-42937

SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and overwrite system files, causing high impact on the confidentiality, integrity, and availability of the application...

CVSS 9.8 | AI score 6.7 | EPSS 0.00678
Exploits: 0 | References: 1

CNNVD
added 2025/10/15 12:0 a.m. | 3 views

Red Hat Enterprise Linux 10 security vulnerability

Red Hat Enterprise Linux 10 is a suite of Linux operating systems for business users from Red Hat, an American company. A security vulnerability exists in Red Hat Enterprise Linux 10 that stems from not properly validating free space, which could result in user encrypted data being overwritten an...

CVSS 4.4 | AI score 6.4 | EPSS 0.00093
Exploits: 0 | References: 2

OSV
added 2025/10/14 2:52 p.m. | 6 views

CVE-2025-62156 argo-workflows Zip Slip path traversal allows arbitrary file write and container configuration overwrite

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic...

CVSS 8.1 | AI score 7.2 | EPSS 0.00539
Exploits: 1 | References: 6

Cvelist
added 2025/10/14 2:52 p.m. | 13 views

CVE-2025-62156 argo-workflows Zip Slip path traversal allows arbitrary file write and container configuration overwrite

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic...

CVSS 8.1 | EPSS 0.00539
Exploits: 1 | References: 4

Vulnrichment
added 2025/10/14 2:52 p.m. | 2 views

CVE-2025-62156 argo-workflows Zip Slip path traversal allows arbitrary file write and container configuration overwrite

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic...

CVSS 8.1 | AI score 6.8 | EPSS 0.00539
Exploits: 1 | References: 4

CVE
added 2025/10/14 2:52 p.m. | 17 views

CVE-2025-62156

Argo Workflows (versions

CVSS 8.8 | AI score 6.8 | EPSS 0.00539
Exploits: 1 | References: 4 | Affected Software: 1

RedHat Linux
added 2025/10/14 5:32 a.m. | 4 views

vim: Vim path traversal

A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive...

CVSS 4.1 | AI score 7.4 | EPSS 0.00731
Exploits: 1 | References: 6

NVD
added 2025/10/14 1:15 a.m. | 7 views

CVE-2025-42937

SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and overwrite system files, causing high impact on the confidentiality, integrity, and availability of the application...

CVSS 9.8 | EPSS 0.00678
Exploits: 0 | References: 2

EUVD
added 2025/10/14 12:18 a.m. | 3 views

EUVD-2025-34119

SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and overwrite system files, causing high impact on the confidentiality, integrity, and availability of the application...

CVSS 9.8 | AI score 6.2 | EPSS 0.00678
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/14 12:18 a.m. | 2 views

CVE-2025-42937 Directory Traversal vulnerability in SAP Print Service

SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and overwrite system files, causing high impact on the confidentiality, integrity, and availability of the application...

CVSS 9.8 | AI score 6.3 | EPSS 0.00678
Exploits: 0 | References: 2

Positive Technologies
added 2025/10/14 12:0 a.m. | 2 views

PT-2025-41843

Name of the Vulnerable Software and Affected Versions: SAP Print Service (SAPSprint), affected versions not specified. Description: SAP Print Service (SAPSprint) does not adequately validate path information provided by users. This allows an unauthenticated attacker to traverse directories and overwrite...

CVSS 9.8 | AI score 6.5 | EPSS 0.00678
Exploits: 0 | References: 9

CNNVD
added 2025/10/14 12:0 a.m. | 2 views

SAP Print Service security vulnerability

SAP Print Service is a print service from SAP Germany. A security vulnerability exists in SAP Print Service that stems from insufficient validation of user-supplied path information, which could allow an unauthenticated attacker to traverse the parent directory and overwrite system files, severel...

CVSS 9.8 | AI score 6.7 | EPSS 0.00678
Exploits: 0 | References: 3

Tenable Nessus
added 2025/10/14 12:0 a.m. | 4 views

SUSE SLES15 Security Update : podman (SUSE-SU-2025:03584-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03584-1 advisory. - CVE-2025-9566: fixed an issue in kube play command that could cause overwriting host files bsc1249154 Tenable has extracted the preceding...

CVSS 8.1 | AI score 7.3 | EPSS 0.01008
Exploits: 0 | References: 4

SUSE Linux
added 2025/10/13 6:59 a.m. | 2 views

Security update for podman

This update for podman fixes the following issues: CVE-2025-9566: fixed an issue in kube play command that could cause overwriting host files bsc1249154 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

CVSS 8.1 | AI score 7 | EPSS 0.01008
Exploits: 0 | References: 4

OSV
added 2025/10/13 6:59 a.m. | 5 views

SUSE-SU-2025:03584-1 Security update for podman

This update for podman fixes the following issues: - CVE-2025-9566: fixed an issue in kube play command that could cause overwriting host files bsc1249154...

CVSS 8.1 | AI score 7.1 | EPSS 0.01008
Exploits: 0 | References: 3