
10 matches found

ATTACKERKB
added 2026/02/27 4:41 p.m. | 3 views

CVE-2026-24488

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, an arbitrary file exfiltration vulnerability in the fax sending endpoint allows any authenticated user to read and transmit any file on the server...

CVSS 6.5 | AI score 6 | EPSS 0.00012
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2025/10/09 3:21 p.m. | 2 views

GHSA-JV9M-VF54-CHJJ Flowise is vulnerable to arbitrary file write through its WriteFileTool

Summary: The WriteFileTool in Flowise does not restrict the file path for reading, allowing authenticated attackers to exploit this vulnerability to write arbitrary files to any path in the file system, potentially leading to remote command execution. Details: Flowise supports providing WriteFileTo...

CVSS 9.9 | AI score 7.4 | EPSS 0.01058
Exploits: 1 | References: 7
NVD
added 2025/10/08 11:15 p.m. | 1 view

CVE-2025-61913

Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any...

CVSS 9.9 | EPSS 0.01058
Exploits: 1 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-14023

Malicious code in bioql PyPI...

CVSS 2.8 | AI score 5.5 | EPSS 0.00061
Exploits: 0 | References: 6
CNNVD
added 2021/09/22 12:0 a.m. | 3 views

Huawei FusionCompute Code Issue Vulnerability

Huawei FusionCompute is a computer virtualization engine from Huawei China. The product provides Virtual Resource Manager VRM and Compute Node Agent CNA, among others. A security vulnerability exists in Huawei FusionCompute, which stems from the application improperly validating uploaded files...

CVSS 7.5 | AI score 7.3 | EPSS 0.00182
Exploits: 0 | References: 3
CNVD
added 2017/12/18 12:0 a.m. | 1 view

Desdev DedeCMS Arbitrary File Upload Vulnerability

Desdev DedeCMS (Dream Weaving Content Management System) is an open-source PHP website content management system (CMS) from China's Zhuozhuo network Desdev Technology Co., Ltd. that combines content publishing, editing, management and retrieval. A security vulnerability exists in...

CVSS 8.8 | AI score 7.2 | EPSS 0.00659
Exploits: 0 | References: 1
RedHat Linux
added 2016/11/03 8:8 a.m. | 2 views

ntp: config command can be used to set the pidfile and drift file paths

It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process immediately or the current estimated drift of the...

AI score 7.1
Exploits: 0 | References: 4
CNVD
added 2016/09/21 12:0 a.m. | 2 views

yiqicms system delete_file.php has arbitrary file deletion vulnerability

Yiqicms is the first marketing enterprise website system developed entirely around SEO-friendliness, an open-source site-building system using PHP+MySQL. The backend of Yiqicms version 1.8 has an arbitrary file deletion vulnerability, because the program does not limit the deletion of directorie...

AI score 6.9
Exploits: 0
RedHat Linux
added 2015/02/17 10:27 p.m. | 3 views

UberFire: Information disclosure and RCE via insecure file upload/download servlets

It was discovered that the default implementation of FileUploadServlet and FileDownloadServlet provided by the UberFire Framework did not restrict the paths to which a file could be written or read from. In applications using this framework and exposing these servlets, a remote attacker could gai...

CVSS 6.8 | AI score 6.2 | EPSS 0.01771
Exploits: 0 | References: 4
RedHat Linux
added 2015/02/17 10:27 p.m. | 1 view

UberFire: Information disclosure and RCE via insecure file upload/download servlets

It was discovered that the default implementation of FileUploadServlet and FileDownloadServlet provided by the UberFire Framework did not restrict the paths to which a file could be written or read from. In applications using this framework and exposing these servlets, a remote attacker could gai...

CVSS 6.8 | AI score 6.2 | EPSS 0.01771
Exploits: 0 | References: 4