Total
419 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36473 | 1 Trendmicro | 1 Vpn Proxy One | 2025-07-30 | 5.3 Medium |
| Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of privileges. | ||||
| CVE-2025-49138 | 1 Psu | 1 Haxcms-php | 2025-07-30 | 6.5 Medium |
| HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location field written into site.json. This enables attackers to exfiltrate sensitive system files such as /etc/passwd, application secrets, or configuration files accessible to the web server (www-data). The vulnerability stems from the way the HAXCMS backend handles the location field in the site's outline. When a user sends a POST request to /system/api/saveOutline, the backend stores the provided location value directly into the site.json file associated with the site, without validating or sanitizing the input. Later the location parameter is interpreted by the CMS to resolve and load the content for a given node. If the location field contains a relative path like `../../../etc/passwd`, the application will attempt to read and render that file. Version 11.0.0 fixes the issue. | ||||
| CVE-2024-6829 | 1 Aimstack | 1 Aim | 2025-07-23 | N/A |
| A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the `tarfile.extractall()` function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control `repo.path` and `run_hash` to bypass directory existence checks and extract files to unintended locations, potentially overwriting critical files. This can lead to arbitrary data being written to arbitrary locations on the remote tracking server, which could be used for further attacks such as writing a new SSH key to the target server. | ||||
| CVE-2025-0452 | 1 Dbgpt | 1 Db-gpt | 2025-07-17 | N/A |
| eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file deletion on Windows systems via the '/v1/agent/hub/update' endpoint. The application fails to properly filter the '\' character, which is commonly used as a separator in Windows paths. This vulnerability allows attackers to delete any files on the host system by manipulating the 'plugin_repo_name' variable. | ||||
| CVE-2024-10834 | 1 Dbgpt | 1 Db-gpt | 2025-07-17 | N/A |
| eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call to `os.path.join`, enabling an attacker to write files to arbitrary locations on the target server. This vulnerability can be exploited by setting the `doc_file.filename` to an absolute path, which can lead to overwriting system files or creating new SSH-key entries. | ||||
| CVE-2024-12058 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-16 | 6.8 Medium |
| External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files. | ||||
| CVE-2023-45588 | 1 Fortinet | 2 Forticlient, Forticlientmac | 2025-07-15 | 7.8 High |
| An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. | ||||
| CVE-2024-8616 | 1 H2o | 1 H2o | 2025-07-15 | N/A |
| In h2oai/h2o-3 version 3.46.0, the `/99/Models/{name}/json` endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the `exportModelDetails` function in `ModelsHandler.java`, where the user-controllable `mexport.dir` parameter is used to specify the file path for writing model details. This can lead to overwriting files at arbitrary locations on the host system. | ||||
| CVE-2024-5334 | 1 Stitionai | 1 Devika | 2025-07-15 | N/A |
| A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshot_path' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with a malicious 'snapshot_path' parameter, leading to arbitrary file read from the system. This issue impacts the security of the application by allowing unauthorized access to sensitive files on the server. | ||||
| CVE-2025-6691 | 1 Brainstormforce | 1 Sureforms | 2025-07-11 | 8.1 High |
| The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||
| CVE-2023-29324 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-07-10 | 6.5 Medium |
| Windows MSHTML Platform Security Feature Bypass Vulnerability | ||||
| CVE-2024-38173 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-07-10 | 6.7 Medium |
| Microsoft Outlook Remote Code Execution Vulnerability | ||||
| CVE-2024-38165 | 1 Microsoft | 2 Windows 11 22h2, Windows 11 23h2 | 2025-07-10 | 6.5 Medium |
| Windows Compressed Folder Tampering Vulnerability | ||||
| CVE-2025-25478 | 1 Syspass | 1 Syspass | 2025-07-09 | 6.5 Medium |
| The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application s source code, exposing sensitive information such as the database password. | ||||
| CVE-2024-38657 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-09 | 4.9 Medium |
| External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files. | ||||
| CVE-2024-38029 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2025-07-08 | 7.5 High |
| Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | ||||
| CVE-2024-43615 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-07-08 | 7.1 High |
| Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | ||||
| CVE-2024-43581 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-07-08 | 7.1 High |
| Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | ||||
| CVE-2024-33671 | 1 Veritas | 1 Backup Exec | 2025-06-30 | 7.7 High |
| An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files. | ||||
| CVE-2024-57394 | 1 Qianxin | 1 Tianqing Endpoint Security Management System | 2025-06-23 | 8.8 High |
| The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0 allows user to restore a malicious file to an arbitrary file path. Attackers can write malicious DLL to system path and perform privilege escalation by leveraging Windows DLL hijacking vulnerabilities. | ||||