CVE-2025-69429

The ORICO NAS CD3510 version V1.9.12 and below contains an Incorrect Symlink Follow vulnerability that could be exploited by attackers to leak or tamper with the internal file system. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the...

CVE-2026-0963

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

CVE-2026-0963 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

CVE-2025-64729

The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files...

CVE-2025-64729

The CVE-2025-64729 entry concerns AVEVA Process Optimization. Affected software: Process Optimization with user-authenticated access (OS Standard User). The documented vulnerability allows an authenticated attacker to tamper with Process Optimization project files, embed code, and escalate privil...

CVE-2025-64729 AVEVA Process Optimization Missing Authorization

The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files...

CVE-2025-8386

The vulnerability, if exploited, could allow an authenticated miscreant with privilege of "aaConfigTools" to tamper with App Objects' help files and persist a cross-site scripting XSS injection that when executed by a victim user, can result in horizontal or vertical escalation of privileges. The...

MAL-2025-151169 Malicious code in aben-poke22 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd2c4d0ff2d8d54ef3f17226de773ebf9479f9e12f8f54956db7a5856e6f1d80 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in joko-empal10-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae2da0960fa55dec0fa20fb51dfe177ea4794023f5eb7d9cdeb2bd4afb1f955e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Astra Linux – Vulnerability in open-vm-tools

VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper with local files to trigger insecure file operations within that VM...

AZL-67806 CVE-2025-22247 affecting package open-vm-tools for versions less than 12.3.5-2

VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM...

UBUNTU-CVE-2025-22247

VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM...

Siemens RUGGEDCOM CROSSBOW 安全漏洞

Siemens RUGGEDCOM CROSSBOW is a proven secure access management solution from Siemens, Germany. Siemens RUGGEDCOM CROSSBOW suffers from a filename or path external control vulnerability due to an affected system allowing a privileged user to upload firmware files to the root installation director...

guava: insecure temporary directory creation

A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory...

guava: insecure temporary directory creation

A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory...

CVE-2023-5399

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using the File Command...

CVE-2022-33877

An incorrect default permission CWE-276 vulnerability in FortiClient Windows versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter Windows versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the...

CVE-2017-8133

Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a command injection vulnerability. An authenticated, remote attacker could exploit this vulnerability to send malicious packets to a target device. Successful exploit could enable a low privileged user to execute commands that a...