5 matches found
PT-2026-4471
Name of the Vulnerable Software and Affected Versions: miniserve version 0.32.0
Description: A time-of-check to time-of-use (TOCTOU) and symlink race condition exists in miniserve when uploads are enabled. This can allow an attacker to overwrite arbitrary files outside the intended upload directory i...
CVE-2025-67124
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...
CVE-2025-67124
The CVE-2025-67124 entry concerns a TOCTOU and symlink race in miniserve 0.32.0 during upload finalization. The vulnerability can let an attacker overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create or replace filesystem entries in the u...
CVE-2025-30131
An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam...
PT-2019-18692 · Prima Systems · FlexAir
Name of the Vulnerable Software and Affected Versions: Prima Systems FlexAir versions 2.3.38 and prior
Description: The issue is related to improper validation of file extensions when uploading files. This could allow a remote authenticated attacker to upload and execute malicious applications...