21303 matches found

Vulnrichment
added 2025/03/20 10:10 a.m., 9 views

CVE-2024-7034 Remote Code Execution due to Arbitrary File Write in open-webui/open-webui

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"{UPLOAD_DIR}/{file.filename}" without proper input validation or sanitization. An attacker can...

CVSS 6.5, AI score 6.9, EPSS 0.02458
Exploits: 1, References: 1

Cvelist
added 2025/03/20 10:10 a.m., 9 views

CVE-2024-7034 Remote Code Execution due to Arbitrary File Write in open-webui/open-webui

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"{UPLOAD_DIR}/{file.filename}" without proper input validation or sanitization. An attacker can...

CVSS 6.5, EPSS 0.02458
Exploits: 1, References: 1

CVE
added 2025/03/20 10:10 a.m., 51 views

CVE-2024-7034

Open WebUI 0.3.8 is affected by a directory traversal vulnerability in the /models/upload endpoint due to unsafe handling of file.filename, allowing arbitrary file writes outside the UPLOAD_DIR and potentially overwriting system files. This can lead to unauthorized modifications and may enable re...

CVSS 7.2, AI score 6.9, EPSS 0.02458
Exploits: 1, References: 1, Affected Software: 1

Tenable Nessus
added 2025/03/20 12:0 a.m., 11 views

EulerOS 2.0 SP12 : git (EulerOS-SA-2025-1296)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full...

CVSS 9.3, AI score 7.6, EPSS 0.10047
Exploits: 2, References: 3

Tenable Nessus
added 2025/03/20 12:0 a.m., 11 views

EulerOS 2.0 SP12 : git (EulerOS-SA-2025-1295)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full...

CVSS 9.3, AI score 7.6, EPSS 0.10047
Exploits: 2, References: 3

Github Security Blog
added 2025/03/19 9:30 p.m., 10 views

OpenShift Console Has a Path Traversal Vulnerability

A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...

CVSS 4.3, AI score 6.5, EPSS 0.00465
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2025/03/19 9:30 p.m., 2 views

GHSA-69X5-HJG4-M267 OpenShift Console Has a Path Traversal Vulnerability

A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...

CVSS 4.3, AI score 6.8, EPSS 0.00465
Exploits: 0, References: 5

Snyk
added 2025/03/19 7:42 p.m., 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the /locales/resources.json endpoint. An attacker can access any files with the .json extension on the console's pod. Details A Directory Traversal attack also known as path traversal aims to access files and...

CVSS 5.3, AI score 7.7, EPSS 0.00465
Exploits: 0, References: 2

NVD
added 2025/03/19 7:15 p.m., 6 views

CVE-2024-7631

A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...

CVSS 4.3, EPSS 0.00465
Exploits: 0, References: 3

Vulnrichment
added 2025/03/19 6:47 p.m., 7 views

CVE-2024-7631 Openshift-console: openshift console: path traversal

A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...

CVSS 4.3, AI score 4.6, EPSS 0.00465
Exploits: 0, References: 3

Cvelist
added 2025/03/19 6:47 p.m., 10 views

CVE-2024-7631 Openshift-console: openshift console: path traversal

A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...

CVSS 4.3, EPSS 0.00465
Exploits: 0, References: 3

CVE
added 2025/03/19 6:47 p.m., 93 views

CVE-2024-7631

OpenShift Console CVE-2024-7631 describes a path traversal flaw in the locales/resources.json endpoint where lng/ns are used to build a file path in pkg/plugins/handlers unsafely.go, allowing an authenticated user to read arbitrary JSON files on the console pod by using ../ sequences. Connected d...

CVSS 4.3, AI score 4.5, EPSS 0.00465
Exploits: 0, References: 3

RedhatCVE
added 2025/03/19 6:46 p.m., 7 views

CVE-2024-7631

A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...

CVSS 4.3, AI score 6.9, EPSS 0.00465
Exploits: 0, References: 3

SUSE Linux
added 2025/03/19 11:45 a.m., 10 views

Security update for python311

This update for python311 fixes the following issues: Skip PGO with %wantreproduciblebuilds bsc1239210 CVE-2025-0938: Disallows square brackets and in domain names for parsed URLs bsc1236705. Configure externallymanaged with a bcond bsc1228165. Update to 3.11.11: Tools/Demos gh-123418: Update...

CVSS 8.4, AI score 10, EPSS 0.33936
Exploits: 6, References: 82

OSV
added 2025/03/19 11:31 a.m., 7 views

SUSE-SU-2025:20154-1 Security update for python311

This update for python311 fixes the following issues: - Skip PGO with %wantreproduciblebuilds bsc1239210 - CVE-2025-0938: Disallows square brackets and in domain names for parsed URLs bsc1236705. - Configure externallymanaged with a bcond bsc1228165. - Update to 3.11.11: - Tools/Demos - gh-123418...

CVSS 9.8, AI score 7, EPSS 0.33936
Exploits: 6, References: 42

OpenVAS
added 2025/03/19 12:0 a.m., 9 views

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2025-1296)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 8.3, EPSS 0.01019
Exploits: 0, References: 2

OpenVAS
added 2025/03/19 12:0 a.m., 6 views

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2025-1295)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 8.3, EPSS 0.01019
Exploits: 0, References: 2

OSV
added 2025/03/18 4:15 p.m., 5 views

CVE-2024-57170

SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichiertodelete" parameter allows authenticated attackers to specify file paths containing directory traversal sequences e.g., ../. This vulnerability enables attackers to delete arbitrary files outside t...

CVSS 6.5, AI score 5.9, EPSS 0.00842
Exploits: 1, References: 1

NVD
added 2025/03/18 4:15 p.m., 10 views

CVE-2024-57170

SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichiertodelete" parameter allows authenticated attackers to specify file paths containing directory traversal sequences e.g., ../. This vulnerability enables attackers to delete arbitrary files outside t...

CVSS 6.5, EPSS 0.00842
Exploits: 1, References: 1

IBM Security Bulletins
added 2025/03/18 2:59 p.m., 26 views

Security Bulletin: Vulnerabilities with DataStage on Cloud Pak for Data related to Apache hbase-client 2.4.15

Summary IBM has released the below fix for IBM DataStage on Cloud Pak for Data in response to multiple vulnerabilities found in components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2015-5237 DESCRIPTION: Google Protocol Buffers cou...

CVSS 9.8, AI score 9.5, EPSS 0.18891
Exploits: 4, Affected Software: 1