Lucene search

176 matches found

ATTACKERKB
added 2026/04/22 11:27 p.m. | 1 view

CVE-2026-4917

IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

CVSS 4.9 | AI score 5.9 | EPSS 0.00348
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2026/04/22 12:00 a.m. | 6 views

MinIO Authorization Issue Vulnerability

MinIO is an open-source object storage server developed by the American company MinIO. This product supports the creation of infrastructures for machine learning, analysis, and application data workloads. Versions of MinIO from RELEASE.2023-05-18T00-05-36Z to RELEASE.2026-04-11T03-20-12Z containe...

CVSS 8.8 | AI score 5.9 | EPSS 0.00418
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/22 12:00 a.m. | 5 views

PT-2026-34581

IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

CVSS 4.9 | AI score 5.9 | EPSS 0.00348
Exploits: 0 | References: 2

GitLab Advisory Database
added 2026/04/18 12:00 a.m. | 27 views

Wish has SCP Path Traversal that allows arbitrary file read/write

The SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server, and create directories outside the configured root directory by sending crafted filenames containing ../ sequence...

CVSS 9.6 | AI score 5.9 | EPSS 0.00393
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2026/04/14 3:39 p.m. | 26 views

CVE-2025-61624

An Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' CWE-22 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions,...

CVSS 6 | EPSS 0.00429
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/10 12:00 a.m. | 2 views

PT-2026-31908

Name of the Vulnerable Software and Affected Versions: FalkorDB Browser version 1.9.3. Description: The FalkorDB Browser application is susceptible to an unauthenticated path traversal flaw within its file upload API. This allows remote attackers to write arbitrary files, potentially leading to remo...

CVSS 9.8 | AI score 6.2 | EPSS 0.00927
Exploits: 0 | References: 6

CVE
added 2026/03/27 11:46 a.m. | 5 views

CVE-2026-4619

CVE-2026-4619 concerns a path traversal vulnerability in NEC Platforms, Ltd. Aterm Series. Multiple sources confirm that an attacker can overwrite arbitrary files over the network, via the affected device’s web/management interfaces. The issue is associated with the NEC Aterm family, and is liste...

CVSS 9.8 | AI score 5.9 | EPSS 0.00314
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2026/03/26 3:14 p.m. | 6 views

CVE-2026-22163

Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt t...

CVSS 7.8 | AI score 6 | EPSS 0.00078
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/17 12:00 a.m. | 8 views

PT-2026-25919

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system...

CVSS 9.3 | AI score 5.9 | EPSS 0.00527
Exploits: 0 | References: 9

Snyk
added 2026/03/12 6:44 p.m. | 0 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via a combination with permissive CORS configuration. An attacker can access, write, and delete arbitrary files on a developer's machine by enticing the victim to visit a malicious website while the development serve...

CVSS 9.6 | AI score 6.3 | EPSS 0.00535
Exploits: 1 | References: 2

EUVD
added 2026/03/09 9:30 a.m. | 7 views

EUVD-2025-208358

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...

CVSS 8.1 | AI score 5.9 | EPSS 0.00326
Exploits: 0 | References: 2

Cvelist
added 2026/03/09 8:16 a.m. | 31 views

CVE-2025-41756 Arbitrary Write with ubr-editfile

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...

CVSS 8.1 | EPSS 0.00326
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/09 12:00 a.m. | 6 views

PT-2026-24026

Name of the Vulnerable Software and Affected Versions: Versions prior to 2025-41756. Description: A low-privileged remote attacker can exploit the ubr-editfile method in the /wwwubr.cgi API endpoint to write arbitrary files on the system. The /wwwubr.cgi endpoint is undocumented and unused...

CVSS 8.1 | AI score 5.9 | EPSS 0.00326
Exploits: 0 | References: 8

Cvelist
added 2026/03/04 12:00 a.m. | 26 views

CVE-2025-70341

Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files...

EPSS 0.00216
Exploits: 2 | References: 4

Vulnrichment
added 2026/02/11 10:58 p.m. | 6 views

CVE-2026-20660

A path handling issue was addressed with improved logic. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote user may be able to write arbitrary files...

AI score 5.7 | EPSS 0.00775
Exploits: 1 | References: 6

CNNVD
added 2026/02/09 12:00 a.m. | 2 views

FUXA Access Control Error Vulnerability

FUXA is a web-based process visualization software developed by frangoteam. Versions of FUXA 1.2.9 and earlier contained a security vulnerability related to access control. This vulnerability was caused by path traversal attacks, which could allow unverified remote attackers to write arbitrary...

CVSS 9.8 | AI score 6 | EPSS 0.02675
Exploits: 3 | References: 4

Vulnrichment
added 2026/02/05 4:13 p.m. | 4 views

CVE-2020-37123 Pinger 1.0 - Remote Code Execution

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters...

CVSS 9.8 | AI score 6.6 | EPSS 0.03135
Exploits: 0 | References: 3

Snyk
added 2026/02/04 6:52 p.m. | 2 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied path components in file operation handlers. An attacker can gain unauthorized access to, modify, or delete files belonging to other users by injecting traversal sequences into...

CVSS 9.9 | AI score 6.4 | EPSS 0.00721
Exploits: 1 | References: 2

Cvelist
added 2026/01/15 7:44 p.m. | 24 views

CVE-2026-23746 Entrust Instant Financial Issuance (IFI) SmartCardController Service .NET Remoting RCE

Entrust Instant Financial Issuance IFI On Premise software formerly referred to as CardWizard versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the SmartCardController service DCG.SmartCardControllerService.exe. The service registers a TCP remoting...

CVSS 9.3 | EPSS 0.00861
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/09 11:21 a.m. | 6 views

CVE-2021-22664

CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code...

CVSS 7.8 | AI score 7.5 | EPSS 0.0156
Exploits: 0 | References: 1