
10 matches found

Veracode
added 2026/06/11 5:38 a.m. | 9 views

Arbitrary File Write

open-webui/open-webui is vulnerable to an arbitrary file write. The vulnerability is due to improper handling of file paths in the downloadmodel endpoint on Windows, which allows an attacker to manipulate file paths and write files to arbitrary locations on the server...

CVSS 7.2 | AI score 6.7 | EPSS 0.01125
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2026/06/09 12:0 a.m. | 13 views

CVE-2026-36723

CVE-2026-36723 affects bookcars v8.3. An unrestricted file rename vulnerability in the /api/create-user component allows authenticated attackers to exploit directory traversal to move files from temporary storage to arbitrary locations on the server filesystem, enabling unauthorized access to sen...

CVSS 8.8 | AI score 6.5 | EPSS 0.00998
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/19 12:0 a.m. | 8 views

PT-2026-41864

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...

CVSS 5.9 | AI score 5.9 | EPSS 0.00404
Exploits: 0 | References: 2
OSV
added 2024/02/22 5:15 a.m. | 2 views

CVE-2024-27283

A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious files to arbitrary locations on the server on which the application is installed...

CVSS 7.2 | AI score 5.9 | EPSS 0.00678
Exploits: 0 | References: 1
BDU FSTEC
added 2024/01/29 12:0 a.m. | 7 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab arises from an incorrect limitation on the path name for the restricted access directory. This allows a malicious user to write files to arbitrary locations on the server when creating a working area.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to an incorrect restriction on the path name of the restricted directory. Exploiting this vulnerability allows a malicious actor to perform file writing operations at arbitrary locations o...

CVSS 9.9 | AI score 8.2 | EPSS 0.03302
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2024/01/20 1:15 a.m. | 1 views

CVE-2021-31314

File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server...

CVSS 9.8 | AI score 5.9 | EPSS 0.0074
Exploits: 1 | References: 1
The Hacker News
added 2023/04/12 11:58 a.m. | 53 views

Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit

Threat actors using hacking tools from an Israeli surveillanceware vendor named QuaDream targeted at least five members of civil society in North America, Central Asia, Southeast Asia, Europe, and the Middle East. According to findings from a group of researchers from the Citizen Lab, the spyware...

AI score 7.2
Exploits: 0
The Hacker News
added 2019/04/12 5:46 p.m. | 3 views

Russia Fines Facebook $47 Over Citizens' Data Privacy Dispute

Yes, you read that right! Russia has fined Facebook with 3,000 rubles, roughly $47, for not complying with the country's controversial Data Localization law. It's bizarre and unbelievable, but true. In December last year, Russian Internet watchdog Roskomnadzor sent notifications to Twitter and...

AI score 6.5
Exploits: 0
The Hacker News
added 2013/05/27 6:27 a.m. | 11 views

Blueprints of Australia's top spy agency headquarters stolen by Chinese hackers

Secret and highly sensitive and $630 million building blueprints outlining the layout of Australia's top spy agency's new headquarters have been stolen by Chinese hackers. According to a report by the ABC's Four Corners, the blueprints included floor plans, communications cabling, server location...

AI score 6.9
Exploits: 0
0day.today
added 2009/03/27 12:0 a.m. | 22 views

Moodle < 1.6.9/1.7.7/1.8.9/1.9.5 File Disclosure Vulnerability

Exploit for unknown platform in category web applications. Moodle 1.6.9/1.7.7/1.8.9/1.9.5 File Disclosure Vulnerability. Moodle File Disclosure Vulnerability Systems Affecte...

AI score 7.1
Exploits: 0