
26 matches found

EUVD
added 5 days ago, 8 views

EUVD-2026-34914

Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No authentication, session...

CVSS 10 | AI score 6.4 | EPSS 0.00676
Exploits 0 | References 1
Snyk
added 2026/05/04 9:28 p.m., 8 views

Directory Traversal

Overview fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Directory Traversal via the normalize or equal functions. An attacker can bypass path-based access controls by submitting specially crafted percent-encoded or dot segments in URLs,...

CVSS 8.7 | AI score 6.3 | EPSS 0.00053
Exploits 0 | References 2
NVD
added 2026/03/24 12:16 a.m., 1 views

CVE-2026-33195

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's DiskService#path_for does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path...

CVSS 9.8 | EPSS 0.00037
Exploits 0 | References 7
Snyk
added 2026/02/24 3:40 p.m., 4 views

Directory Traversal

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 8.7 | AI score 6.5 | EPSS 0.00018
Exploits 0 | References 2
EUVD
added 2026/02/05 12:0 a.m., 1 views

EUVD-2025-206859

A path traversal in My Text Editor v1.6.2 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage...

CVSS 7.5 | AI score 5.4 | EPSS 0.00013
Exploits 1 | References 4
Snyk
added 2025/11/28 2:40 p.m., 1 views

Directory Traversal

Overview keras is a Keras is a high-level neural networks API for Python. Affected versions of this package are vulnerable to Directory Traversal via the keras.utils.get_file function when extracting tar archives. An attacker can write arbitrary files outside the intended extraction directory by...

CVSS 8.5 | AI score 7.7 | EPSS 0.00031
Exploits 0 | References 2
Positive Technologies
added 2025/09/24 12:0 a.m., 3 views

PT-2025-39247

Name of the Vulnerable Software and Affected Versions nncp versions prior to 8.12.0 Description The software contains a path traversal flaw that could allow reading or writing to files. This issue occurs during the process of freqing and saving files when handling crafted paths within packet data...

CVSS 6.4 | AI score 5.8 | EPSS 0.0006
Exploits 0 | References 14
CNNVD
added 2025/08/25 12:0 a.m., 1 views

Google Cloud Dataform Security Vulnerability

Google Cloud Dataform is a platform for automated workflow processing from Google, Inc. in the United States. A security vulnerability exists in Google Cloud Dataform that stems from path traversal during NPM package installation, which could result in reading and writing to other customer...

CVSS 10 | AI score 6.7 | EPSS 0.00403
Exploits 0 | References 2
OpenVAS
added 2024/09/10 12:0 a.m., 21 views

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2024-2342)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9 | AI score 7.5 | EPSS 0.82474
Exploits 34 | References 2
Vulnrichment
added 2024/05/15 7:52 p.m., 12 views

CVE-2024-31856 CyberPower PowerPanel business SQL Injection

An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code...

CVSS 8.8 | AI score 7.1 | EPSS 0.00196
Exploits 0 | References 2
BDU FSTEC
added 2023/10/20 12:0 a.m., 1 views

The vulnerability of the Titan SFTP and Titan MFT NextGen server software lies in improper session management, allowing attackers to execute arbitrary code.

The vulnerability of the Titan SFTP and Titan MFT NextGen server software lies in improper session management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by writing the file to any location within the file system...

CVSS 5.6 | AI score 7.1 | EPSS 0.00371
Exploits 3 | References 4 | Affected Software 2
CVE
added 2023/02/09 6:58 a.m., 82 views

CVE-2022-33233

CVE-2022-33233 affects Qualcomm modem (closed-source components) and is described as memory corruption caused by a configuration weakness when sending commands to write to protected files. The vulnerability is localized (LOCAL) with low privileges required and no user interaction, and is rated HI...

CVSS 7.8 | AI score 7.9 | EPSS 0.0005
Exploits 0 | References 1 | Affected Software 1
Prion
added 2022/06/02 8:15 p.m., 15 views

Design/Logic Flaw

An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL...

CVSS 4.9 | AI score 9 | EPSS 0.00434
Exploits 0 | References 3 | Affected Software 1
Fedora
added 2022/05/26 1:18 a.m., 26 views

[SECURITY] Fedora 34 Update: ignition-2.14.0-1.fc34

Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users. On first boot, Ignition reads its configuration from a source of truth (remote URL, network...

CVSS 6.5 | AI score 2.7 | EPSS 0.00592
Exploits 0
Fedora
added 2022/05/26 1:7 a.m., 21 views

[SECURITY] Fedora 36 Update: ignition-2.14.0-1.fc36

Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users. On first boot, Ignition reads its configuration from a source of truth (remote URL, network...

CVSS 6.5 | AI score 2.7 | EPSS 0.00592
Exploits 0
OSV
added 2022/04/11 8:15 p.m., 2 views

CVE-2022-28775

Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission...

CVSS 3.3 | AI score 5.8 | EPSS 0.0006
Exploits 0 | References 1
0day.today
added 2021/06/03 12:0 a.m., 28 views

Gitlab 13.9.3 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Gitlab 13.9.3 - Remote Code Execution Authenticated Exploit Author: enox Vendor Homepage: https://about.gitlab.com/ Software Link: https://gitlab.com/ Version: 13.9.4 Tested On: Ubuntu 20.04 Environment: Gitlab 13.9.1 CE Credits: https://hackerone.com/reports/1125425...

AI score 0.4
Exploits 0
Github Security Blog
added 2020/12/18 6:28 p.m., 55 views

MPXJ path Traversal vulnerability

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations...

CVSS 5.3 | AI score 6.5 | EPSS 0.00476
Exploits 0 | References 5 | Affected Software 1
Veracode
added 2020/12/16 2:37 a.m., 26 views

Arbitrary File Write

Packwood MPXJ is vulnerable to arbitrary file write. The vulnerability exists because it does not properly validate the path from inputStream, leading to the writing of files outside of the target directory...

CVSS 5.3 | AI score 3.1 | EPSS 0.00476
Exploits 0 | References 3 | Affected Software 1
OSV
added 2020/09/11 3:15 a.m., 1 views

CVE-2020-25247

An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter...

CVSS 7.5 | AI score 7.1 | EPSS 0.00604
Exploits 0 | References 2