CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

95 matches found

GL.iNet <= 4.3.7 - Arbitrary File Write

GL.iNet = 4.3.7 is vulnerable to an arbitrary file write exploit, allowing an attacker to overwrite arbitrary system files. id: CVE-2023-46455 info: name: GL.iNet = 4.3.7 - Arbitrary File Write author: Zierax severity: high description: | GL.iNet = 4.3.7 is vulnerable to an arbitrary file write...

7.5CVSS7.2AI score0.46966EPSS

Exploits4References2

Positive Technologies•added 2026/03/19 12:0 a.m.•2 views

PT-2026-26300

Name of the Vulnerable Software and Affected Versions NLTK versions 3.9.3 and prior Description NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. The NLTK downloader does not validat...

8.1CVSS6AI score0.00397EPSS

Exploits1References25

Snyk•added 2026/03/02 9:47 p.m.•5 views

Directory Traversal

Overview openchatbi is an OpenChatBI - Natural language business intelligence powered by LLMs for intuitive data analysis and SQL generation Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of the fileformat parameter in the savereport tool. An...

9.8CVSS6.5AI score0.00443EPSS

Exploits0References2

CVE•added 2026/02/26 10:52 p.m.•13 views

CVE-2026-28269

Kiteworks Core is affected by an OS command injection vulnerability in its command execution feature prior to version 9.2.0. Authenticated users could redirect command output to arbitrary file locations, potentially overwriting critical system files and gaining elevated access. The issue is addre...

8.8CVSS5.9AI score0.01951EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/02/26 10:52 p.m.•3 views

CVE-2026-28269

Kiteworks is a private data network PDN. Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access...

8.8CVSS6.1AI score0.01951EPSS

Exploits0References2Affected Software1

SUSE CVE•added 2026/02/19 12:25 a.m.•3 views

SUSE CVE-2026-25701

An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: gain access to possible private information found in /var/lib/pcrlock.d manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the...

7.3CVSS5.7AI score0.00108EPSS

Exploits0References3

OSV•added 2026/02/03 6:16 p.m.•3 views

CVE-2025-69981

FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...

9.8CVSS6.2AI score

Exploits0References1

RedhatCVE•added 2026/01/09 8:46 a.m.•4 views

CVE-2025-23051

An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbitrary system files...

7.2CVSS7AI score0.00687EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:31 a.m.•8 views

CVE-2019-16155

A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Further more...

7.1CVSS7.3AI score0.00443EPSS

Exploits1References1

OSV•added 2025/12/10 4:15 a.m.•7 views

CVE-2025-9056

Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...

5.3CVSS5.8AI score0.00181EPSS

Exploits0References1

RedhatCVE•added 2025/10/15 9:42 p.m.•3 views

CVE-2025-62156

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic...

8.1CVSS6.6AI score0.00539EPSS

Exploits1References7