
2098 matches found

OSV
added 2025/09/25 8:47 a.m. | 4 views

BIT-MLFLOW-2025-52967

gatewayproxyhandler in MLflow before 3.1.0 lacks gatewaypath validation...

CVSS: 5.8 | AI score: 7 | EPSS: 0.00247
Exploits: 0 | References: 4
Redos
added 2025/09/24 12:0 a.m. | 2 views

ROS-20250924-05

The Kea open source DHCP server vulnerability is related to input validation errors in the file path processing. Exploitation of the vulnerability could allow an attacker to escalate privileges on the system. Kea open source DHCP server vulnerability is related to incorrect default permissions for...

CVSS: 6.1 | AI score: 6.8 | EPSS: 0.00055
Exploits: 0
RedhatCVE
added 2025/09/21 7:24 p.m. | 5 views

CVE-2025-9079

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

CVSS: 8 | AI score: 8 | EPSS: 0.00076
Exploits: 0 | References: 1
Snyk
added 2025/09/19 9:31 p.m. | 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of the import directory path configuration. An attacker can execute arbitrary code by uploading a malicious plugin to the prepackaged plugins directory. This is only exploitable if the attacke...

CVSS: 8 | AI score: 7.7 | EPSS: 0.00076
Exploits: 0 | References: 2
NVD
added 2025/09/19 8:15 p.m. | 13 views

CVE-2025-9079

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

CVSS: 8 | EPSS: 0.00076
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/17 10:46 p.m. | 6 views

CVE-2025-43298

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00044
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/17 10:46 p.m. | 1 views

CVE-2025-43190

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00022
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/17 10:46 p.m. | 4 views

CVE-2025-43314

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00023
Exploits: 0 | References: 1
OSV
added 2025/09/17 5:15 p.m. | 3 views

CVE-2025-35430

CISA Thorium does not adequately validate the paths of downloaded files via 'download_ephemeral' and 'download_children'. A remote, authenticated attacker could access arbitrary files subject to file system permissions. Fixed in 1.1.2...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.00076
Exploits: 0 | References: 4
CVE
added 2025/09/17 4:51 p.m. | 12 views

CVE-2025-35430

CVE-2025-35430 affects the CISA Thorium framework. The vulnerability stems from inadequate validation of downloaded file paths in the functions download_ephemeral and download_children, allowing a remote, authenticated attacker to access arbitrary files subject to filesystem permissions. Affected...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00076
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2025/09/17 4:51 p.m. | 2 views

CVE-2025-35430 CISA Thorium insecure downloaded file path validation

CISA Thorium does not adequately validate the paths of downloaded files via 'download_ephemeral' and 'download_children'. A remote, authenticated attacker could access arbitrary files subject to file system permissions. Fixed in 1.1.2...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.00076
Exploits: 0 | References: 4
CVE
added 2025/09/17 5:18 a.m. | 20 views

CVE-2025-10058

Mode C: The WP Import – Ultimate CSV XML Importer for WordPress plugin is affected (versions

CVSS: 8.1 | AI score: 6.9 | EPSS: 0.00798
Exploits: 0 | References: 4
RedhatCVE
added 2025/09/17 12:49 a.m. | 3 views

CVE-2025-57176

On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption metadata only with file contents...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.0056
Exploits: 6 | References: 1
CNNVD
added 2025/09/17 12:0 a.m. | 3 views

CISA Thorium Security Vulnerability

CISA Thorium is a highly scalable distributed malware analysis and data generation framework for the U.S. Cybersecurity and Infrastructure Security Administration CISA government division. A security vulnerability exists in CISA Thorium versions prior to 1.1.2 that stems from insufficient...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00076
Exploits: 0 | References: 4
Positive Technologies
added 2025/09/17 12:0 a.m. | 3 views

PT-2025-38226

Name of the Vulnerable Software and Affected Versions CISA Thorium versions prior to 1.1.2 Description CISA Thorium does not adequately validate the paths of downloaded files via download ephemeral and download children. A remote, authenticated attacker could access arbitrary files subject to fil...

CVSS: 6.5 | AI score: 6.1 | EPSS: 0.00076
Exploits: 0 | References: 9
ICS
added 2025/09/16 12:0 a.m. | 4 views

CISA Thorium multiple vulnerabilities

RISK EVALUATION CISA Thorium is a framework used for malware analysis. Multiple vulnerabilities were reported in Thorium. Impacts include denial of service, authenticated arbitrary file read, and failure to expire previously issued user tokens. 2. RECOMMENDED PRACTICES These issues were...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.00082
Exploits: 0 | References: 1
OSV
added 2025/09/15 11:15 p.m. | 0 views

CVE-2025-43314

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access sensitive user data...

CVSS: 5.5 | AI score: 5.7
Exploits: 0 | References: 5
NVD
added 2025/09/15 11:15 p.m. | 2 views

CVE-2025-43314

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data...

CVSS: 5.5 | EPSS: 0.00023
Exploits: 0 | References: 6
OSV
added 2025/09/15 11:15 p.m. | 1 views

CVE-2025-43298

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to gain root privileges...

CVSS: 7.8 | AI score: 5.7 | EPSS: 0.00044
Exploits: 0 | References: 5
OSV
added 2025/09/15 11:15 p.m. | 3 views

CVE-2025-43190

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in watchOS 26, macOS Sonoma 14.8, iOS 26 and iPadOS 26, visionOS 26, macOS Sequoia 15.7. An app may be able to access sensitive user data...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00022
Exploits: 0 | References: 10