Lucene search
K

21289 matches found

Rapid7 Blog
Rapid7 Blog
added 2025/03/21 1:0 p.m.19 views

Rapid7 MDR Supports AWS GuardDuty's New Attack Sequence Alerts

Co-authored by Yaron Kaplan and Gil Shamgar. AWS GuardDuty has introduced two powerful new alerts that enhance its threat detection capabilities: "Potential Credential Compromise" and "Potential S3 Data Compromise." These alerts go beyond traditional threat detection by focusing on attack...

7.5AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/21 12:56 p.m.21 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java and Node.js

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Cloud Transformation Advisor CVE-2019-20916, CVE-2021-37714, CVE-2016-2175, CVE-2025-26791, CVE-2025-1470, CVE-2025-1471. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: pypa pip package for python could allow a...

7.8CVSS7.8AI score0.06873EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/21 6:40 a.m.58 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses "Apache httpd 2.4" which is vulnerable to multiple CVEs

Summary IBM Maximo Application Suite - IoT Component uses "Apache httpd 2.4" which is vulnerable to multiple CVE's and this bulletin contains information regarding the vulnerability and its fixture Vulnerability Details CVEID:CVE-2019-10082 DESCRIPTION: Apache HTTP Server could allow a remote...

9.8CVSS10AI score0.99999EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/20 5:8 p.m.32 views

Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Multicloud Management version 2.3 Fix Pack 10 Vulnerability Details CVEID:CVE-2024-28176 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by a flaw during JWE Decryption operations. By sending a...

7.5CVSS10AI score0.99298EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/20 4:37 p.m.22 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. For more information about the vulnerability impact, refer to the table in the "Related Information" section. This Security Bulletin relates only to the direct usage of...

8.8CVSS8.3AI score0.01249EPSS
Exploits0Affected Software5
RedhatCVE
RedhatCVE
added 2025/03/20 4:4 p.m.14 views

CVE-2024-57170

SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichiertodelete" parameter allows authenticated attackers to specify file paths containing directory traversal sequences e.g., ../. This vulnerability enables attackers to delete arbitrary files outside t...

6.5CVSS7.2AI score0.00842EPSS
Exploits1References1
Snyk
Snyk
added 2025/03/20 12:32 p.m.3 views

Directory Traversal

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Directory Traversal via the downloadfile method. An attacker can access sensitive information, including configuration files and credentials, by exploiting this...

8.8CVSS7.7AI score0.00922EPSS
Exploits1References2
Snyk
Snyk
added 2025/03/20 12:32 p.m.4 views

Directory Traversal

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Directory Traversal through the path parameter due to improper input sanitization. An attacker can read arbitrary files on the server by manipulating the input to...

8.7CVSS7.6AI score0.00713EPSS
Exploits1References2
Snyk
Snyk
added 2025/03/20 12:32 p.m.4 views

Directory Traversal

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Directory Traversal through the /delete-workflow endpoint. An attacker can delete arbitrary files from the filesystem by manipulating file paths to access...

9.1CVSS7.6AI score0.00953EPSS
Exploits1References2
Snyk
Snyk
added 2025/03/20 12:32 p.m.5 views

Directory Traversal

Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Directory Traversal in the LockManager.releaselocks function. An attacker can delete arbitrary files on the filesystem by passing an absolute path to the target file ...

9.1CVSS7.6AI score0.00849EPSS
Exploits1References2
Snyk
Snyk
added 2025/03/20 12:32 p.m.6 views

Directory Traversal

Overview onnx is an Open Neural Network Exchange Affected versions of this package are vulnerable to Directory Traversal via the downloadmodel function. An attacker can overwrite files in the user's directory by exploiting inadequate prevention of path traversal attacks in malicious tar files...

9.1CVSS7.7AI score0.01357EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.9 views

Open WebUI Allows Arbitrary File Write via the `/models/upload` Endpoint

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...

7.2CVSS7.2AI score0.02458EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2025/03/20 12:32 p.m.4 views

Directory Traversal

Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Directory Traversal via the LocalFileManager.cleanup function, by crafting a malicious glob-pattern that is not verified to be within the directory managed by...

8.7CVSS7.6AI score0.00953EPSS
Exploits1References2
Snyk
Snyk
added 2025/03/20 12:32 p.m.7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the endpoint for exporting models. An attacker can overwrite any file on the target server by exporting a model to any file in the server's file structure. Note: This vulnerability requires there to be a model th...

7.1CVSS7.7AI score0.00693EPSS
Exploits1References2
Snyk
Snyk
added 2025/03/20 12:32 p.m.5 views

Directory Traversal

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Directory Traversal through the /models/upload endpoint. An attacker can manipulate the file.filename parameter to include directory traversal sequences, causing the resulting filepath to escape the intended...

7.2CVSS7.3AI score0.02458EPSS
Exploits1References2
OSV
OSV
added 2025/03/20 12:32 p.m.4 views

GHSA-CRH6-PJ8C-XRHC Open WebUI Allows Arbitrary File Write via the `/models/upload` Endpoint

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...

6.5CVSS7.5AI score0.02458EPSS
Exploits1References3
Snyk
Snyk
added 2025/03/20 12:32 p.m.6 views

Directory Traversal

Overview InvokeAI is an An implementation of Stable Diffusion which provides various new features and options to aid the image generation process Affected versions of this package are vulnerable to Directory Traversal through the web API POST /api/v1/images/delete. An attacker can delete arbitrar...

9.1CVSS7.6AI score0.01348EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/20 12:32 p.m.5 views

Directory Traversal

Overview dbgpt is a DB-GPT is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can beassured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...

9.1CVSS7.6AI score0.00769EPSS
Exploits1References2
Snyk
Snyk
added 2025/03/20 12:32 p.m.3 views

Directory Traversal

Overview dbgpt is a DB-GPT is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can beassured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...

9.1CVSS7.7AI score0.00769EPSS
Exploits1References2
Snyk
Snyk
added 2025/03/20 12:32 p.m.4 views

Directory Traversal

Overview dbgpt is a DB-GPT is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can beassured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...

8.8CVSS7.6AI score0.0067EPSS
Exploits1References2
Rows per page
Query Builder