gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access...
7.1AI Score
0.007EPSS
GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary...
6.1AI Score
0.0004EPSS
Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie...
6.4AI Score
0.004EPSS
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than...
5.5AI Score
0.004EPSS
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than...
5.6AI Score
0.004EPSS
Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are...
6.5AI Score
0.007EPSS