1586 matches found
MobSF - Path Traversal
MobSF is vulnerable to an issue with apktool CVE-2024-21633 that allows for RCE or arbitrary file writing. It does this through a path traversal vulnerability. This template tests for it by writing to a local file and reading that file. RCE can be achieved by overwriting jadx, as shown in the two...
CVE-2026-46485
Dashy (self-hosted dashboard) is affected prior to version 4.0.8 where the config-saving functionality can allow unauthorized changes to the main config.yaml via OIDC deployments, enabling unauthenticated or non-admin users to modify dashboard configuration. Root cause: permission checks around c...
CVE-2026-55233 OpenResty: Buffer overflow when writing PROXY protocol v2 header to upstream
OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds write vulnerability exists in the upstream PROXY protocol v2 implementation. When OpenResty is configured to send PROXY protocol version 2 headers to upstream servers, constructing the header in the...
CVE-2026-59948
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project...
Linux Distros Unpatched Vulnerability : CVE-2026-4360
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted...
CVE-2026-56365
ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust memory resources and cause denial of service...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the org.opencontainers.image.title annotation in the artifact manifest when downloading OCI artifacts. An attacker can cause files to be written to arbitrary locations on the host filesystem by supplying a crafte...
CVE-2026-50023 yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)
yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...
BIT-DOTNET-2026-32175 .NET Core Tampering Vulnerability
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the...
CVE-2026-44942
A flaw was found in libzypp. This path traversal vulnerability, present in the handling of the "path" component within .repo files, could allow attackers to write content to directories outside of the intended zypp cache. This unauthorized writing of data can lead to a Denial of Service DoS by...
CVE-2025-71321
CVE-2025-71321 concerns the Python toolset picker scan showing an arbitrary file writing vulnerability in the package before version 0.0.33. The root cause is bypassing the dangerous blocklist by abusing distutils.file_util.write_file, enabling attackers to craft malicious pickle objects that ove...
CVE-2025-71321 picklescan - Arbitrary File Writing via distutils Module Bypass
picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.fileutil.writefile. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code...
Directory Traversal
Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Directory Traversal
Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
AMD uProf 安全漏洞
AMD uProf is a cross-platform performance analysis tool developed by AMD, a company specializing in semiconductors. AMD uProf has a security vulnerability that stems from improper access control. This vulnerability could allow local attackers with user privileges to write to the kernel’s shared...
PT-2026-48153
The RemoteControl API methods invite participants and remind participants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...
EUVD-2026-34914
Two path traversal vulnerabilities in the Network Installation Service NIS of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No authentication, session...
Markdown Preview Enhanced 安全漏洞
Markdown Preview Enhanced is a highly powerful markup extension developed by Yiyi Wang. Versions of Markdown Preview Enhanced prior to 0.8.28 contained security vulnerabilities. These vulnerabilities stemmed from the use of eval to parse WaveDrom expressions in untrusted markdown content, which...
Dokploy 安全漏洞
Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.5 contain security vulnerabilities. These vulnerabilities stem from path traversal during the application deployment process, which allows authenticated users to write arbitrary files on the file...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the validatepathelementntfs function. An attacker can write arbitrary files and potentially execute code in the victim's user context by crafting malicious Git repositories with NTFS-hostile tree entries that are...