21205 matches found

Veracode
added 2025/05/02 1:47 p.m. · 8 views

Improper Neutralization Of Escape, Meta, Or Control Sequences

Apache Tomcat is vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences. The vulnerability is due to certain uncommon rewrite rule configurations, specially crafted requests to bypass these rules, which allows an attacker to circumvent security constraints enforced by them...

9.8 CVSS · 7.1 AI score · 0.0418 EPSS
Exploits 1 · References 12 · Affected Software 2

IBM Security Bulletins
added 2025/05/02 7:23 a.m. · 53 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF005 and 24.0.1-IF002.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF005 and 24.0.1-IF002. Vulnerability Details CVEID:CVE-2025-22866 DESCRIPTION: Due to the usage of a variable time...

9.8 CVSS · 9.5 AI score · 0.03092 EPSS
Exploits 5 · Affected Software 2

NVD
added 2025/05/02 1:15 a.m. · 19 views

CVE-2024-55913

IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

5.3 CVSS · 0.00414 EPSS
Exploits 0 · References 1

OSV
added 2025/05/02 1:15 a.m. · 1 views

CVE-2024-55913

IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

5.3 CVSS · 8.4 AI score
Exploits 0 · References 1

Cvelist
added 2025/05/02 12:38 a.m. · 19 views

CVE-2024-55913 IBM Concert Software path traversal

IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

5.3 CVSS · 0.00414 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/05/02 12:38 a.m. · 9 views

CVE-2024-55913 IBM Concert Software path traversal

IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

5.3 CVSS · 5.3 AI score · 0.00414 EPSS
Exploits 0 · References 1

CVE
added 2025/05/02 12:38 a.m. · 61 views

CVE-2024-55913

CVE-2024-55913 describes a path traversal in IBM Concert Software 1.0.0–1.0.5 that lets an attacker view arbitrary files via specially crafted URLs containing dot-dot sequences (/../). The root cause is improper handling of URL path components, enabling direct file disclosure without authenticati...

5.3 CVSS · 5.3 AI score · 0.00414 EPSS
Exploits 0 · References 1 · Affected Software 1

Packet Storm News
added 2025/05/02 12:0 a.m. · 5 views

VIDSTAMP: a Temporally-Aware Watermark for Ownership and Integrity in Video Diffusion Models

The rapid rise of video diffusion models has enabled the generation of highly realistic and temporally coherent videos, raising critical concerns about content authenticity, provenance, and misuse. Existing watermarking approaches, whether passive, post-hoc, or adapted from image-based techniques...

7.2 AI score
Exploits 0

CNNVD
added 2025/05/02 12:0 a.m. · 2 views

IBM Concert path traversal vulnerability

IBM Concert Software is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. A path traversal vulnerability exists in IBM Concert Software that stems from improperly handling URL requests that contain point sequences, a...

5.3 CVSS · 6.7 AI score · 0.00414 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/05/02 12:0 a.m. · 4 views

PT-2025-18734 · Ibm · Ibm Concert

Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.0.5 Description: The issue allows a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view...

5.3 CVSS · 8.4 AI score · 0.00414 EPSS
Exploits 0 · References 6

IBM Security Bulletins
added 2025/05/01 9:38 p.m. · 25 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below...

9.8 CVSS · 8.8 AI score · 0.35963 EPSS
Exploits 3 · Affected Software 1

IBM Security Bulletins
added 2025/05/01 5:30 p.m. · 7 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to an arbitrary code execution in Jinja [CVE-2024-56201]

Summary IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Jinja, due to a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code CVE-2024-56201. Jinja is used by our Speech Service...

8.8 CVSS · 8 AI score · 0.00301 EPSS
Exploits 0 · Affected Software 1

The Hacker News
added 2025/05/01 11:25 a.m. · 37 views

Why top SOC teams are shifting to Network Detection and Response

Security Operations Center SOC teams are facing a fundamentally new challenge — traditional cybersecurity tools are failing to detect advanced adversaries who have become experts at evading endpoint-based defenses and signature-based detection systems. The reality of these “invisible intruders” i...

7.3 AI score
Exploits 0

Snyk
added 2025/05/01 6:33 a.m. · 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through the PackageIndex.downloadurl method. Due to insufficient sanitization of special characters, an attacker can write files to arbitrary locations on the filesystem with the permissions of the process running t...

8.8 CVSS · 8.2 AI score · 0.01479 EPSS
Exploits 4 · References 3

Snyk
added 2025/05/01 6:30 a.m. · 4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path parameters in the /demo/static/ endpoint. An attacker can exploit this vulnerability to read arbitrary files from the server’s filesystem by manipulating the request path, potentially exposing sensitive...

8.7 CVSS · 7.6 AI score
Exploits 0 · References 3

Hacker One
added 2025/05/01 6:30 a.m. · 8 views

curl: [High] Arbitrary File Write via Path Traversal in cURL CLI (`-o`, `--output`) (CWE-22: Improper Limitation of a Pathname to a Restricted Directory)

Summary: The -o / --output parameter in cURL does not restrict or sanitize file paths. When passed relative traversal sequences e.g., ../../, cURL writes files outside the current working directory, allowing arbitrary file overwrite. In automated or privileged environments CI/CD, root containers,...

4.3 CVSS · 7.2 AI score · 0.03851 EPSS
Exploits 0

Zero Day Initiative
added 2025/05/01 12:0 a.m. · 7 views

Webmin CRLF Injection Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The issue results from the lack of proper neutralization of CRLF sequences...

8.8 CVSS · 7.6 AI score
Exploits 0

Snyk
added 2025/04/30 5:40 p.m. · 3 views

Directory Traversal

Overview org.webjars.npm:vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Directory Traversal through the server.fs.deny configuration due to improper input sanitization. An attacker can bypass server.fs.deny with /. for files under project root...

6.5 CVSS · 7.7 AI score · 0.01077 EPSS
Exploits 1 · References 2

IBM Security Bulletins
added 2025/04/30 10:37 a.m. · 22 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 1.1.0 Vulnerability Details CVEID:CVE-2024-55909 DESCRIPTION: IBM Concert Software could allow an authenticated user to cause a denial of service due to the expansion of archive files without controlling resource...

8.8 CVSS · 8.2 AI score · 0.66594 EPSS
Exploits 0 · Affected Software 1

Rosalinux
added 2025/04/30 7:45 a.m. · 36 views

Advisory ROSA-SA-2025-2851

Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-65.0.1.rv3.3 CVE-ID: CVE-2023-27522 BDU-ID: 2023-02021 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the mod_proxy_uwsgi component of the Apache HTTP Server web server is related to flaws in HTTP request handling...

9.8 CVSS · 9 AI score · 0.99957 EPSS
Exploits 2