CVE Daily
← All tags

Tag: Arbitrary File Write

All CVEs associated with "Arbitrary File Write". Page 1/1 • 34 CVEs.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-08-12
Medium

CVE-2024-52964

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9…

CVSS: 5.5 CWE: CWE-22
Read more
2025-08-05
Critical

CVE-2025-54802

pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package para…

CVSS: 9.8 CWE: CWE-22
Read more
2025-08-02
High

CVE-2025-54386

Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installati…

CVSS: 7.3 CWE: CWE-22
Read more
2025-07-22
Medium

CVE-2025-51475

Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted…

CVSS: 5.0 CWE: CWE-22
Read more
High

CVE-2025-51480

Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing…

CVSS: 8.8 CWE: CWE-22
Read more
2025-07-21
Critical

CVE-2025-54071

RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below, an authenticated arbitrary file writ…

CVSS: 9.4 CWE: CWE-434
Read more
2025-07-14
High

CVE-2025-7619

BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attacke…

CVSS: 8.8 CWE: CWE-23
Read more
2025-07-07
High

CVE-2025-6806

Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell…

CVSS: 7.5 CWE: CWE-22
Read more
High

CVE-2025-6801

Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of…

CVSS: 7.5 CWE: CWE-22
Read more
2025-06-18
Medium

CVE-2025-5981

Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI fl…

CVSS: 6.5 CWE: CWE-427
Read more
2025-05-13
Medium

CVE-2025-22859

A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited ar…

CVSS: 5.3 CWE: CWE-23
Read more
2025-05-07
Medium

CVE-2025-20213

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an af…

CVSS: 5.5 CWE: CWE-78
Read more
Medium

CVE-2025-20949

Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allows attackers to read and write arbitrary file with the privilege of Samsung Members.

CVSS: 5.1 CWE: CWE-22
Read more
2025-03-20
Critical

CVE-2024-8019

In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_file/` endpoint, allowing…

CVSS: 9.1 CWE: CWE-434
Read more
High

CVE-2024-7034

In open-webui version 0.3.8, the endpoint `/models/upload` is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of `file_…

CVSS: 7.2 CWE: CWE-22
Read more
High

CVE-2024-7033

In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the download_model endpoint. When deployed on Windows, the application improperly handles file paths, allowi…

CVSS: 7.2 CWE: CWE-29
Read more
High

CVE-2024-11170

A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of file paths by the multer middleware. This can lead to arbitrary file write and p…

CVSS: 8.8 CWE: CWE-29
Read more
Critical

CVE-2024-10901

In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/chart/run` allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attacke…

CVSS: 9.8 CWE: CWE-434
Read more
Critical

CVE-2024-10835

In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/sql/run` allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers…

CVSS: 9.8 CWE: CWE-89
Read more
Critical

CVE-2024-10834

eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call to…

CVSS: 9.1 CWE: CWE-73
Read more
Critical

CVE-2024-10833

eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowi…

CVSS: 9.1 CWE: CWE-22
Read more
2025-03-19
Critical

CVE-2025-27783

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in train.py. This issue may lead to writing arbitrary files on the Applio server. It can also…

CVSS: 9.8 CWE: CWE-22
Read more
Critical

CVE-2025-27782

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in inference.py. This issue may lead to writing arbitrary files on the Applio server. It can…

CVSS: 9.8 CWE: CWE-22
Read more
2025-01-14
Medium

CVE-2024-12088

A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it…

CVSS: 6.5 CWE: CWE-22
Read more
2024-12-10
High

CVE-2024-21542

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive f…

CVSS: 8.6 CWE: CWE-29
Read more
2024-11-22
High

CVE-2024-6233

Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Check Poi…

CVSS: 7.8 CWE: CWE-59
Read more
2024-11-18
High

CVE-2020-26074

A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system.…

CVSS: 7.8 CWE: CWE-250
Read more
High

CVE-2020-26071

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of s…

CVSS: 8.4 CWE: CWE-22
Read more
2024-11-15
Medium

CVE-2023-20093

Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These…

CVSS: 4.4 CWE: CWE-61
Read more
Medium

CVE-2023-20092

Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These…

CVSS: 4.4 CWE: CWE-61
Read more
Medium

CVE-2023-20091

A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. This vulner…

CVSS: 5.1 CWE: CWE-61
Read more
Medium

CVE-2023-20004

Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These…

CVSS: 4.4 CWE: CWE-59
Read more
2024-10-09
High

CVE-2024-7037

In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vul…

CVSS: 7.2 CWE: CWE-22
Read more
2024-07-17
Critical

CVE-2024-20401

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying ope…

CVSS: 9.8 CWE: CWE-36
Read more