21310 matches found
CVE-2025-0823
IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2025-26326
A vulnerability was identified in the NVDA Remote version 2.6.4 and Tele NVDA Remote version 2025.3.3 remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because these add-ons accept any password entered ...
CVE-2024-54169
IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
Directory Traversal
Overview mlrun is a Tracking and config of machine learning runs Affected versions of this package are vulnerable to Directory Traversal in the getlogsizelegacy function in api/crud/logs.py. This allows attackers to access locations on the filesystem outside the project directory. Details A...
Directory Traversal
Overview lilya is a Yet another ASGI toolkit that delivers Affected versions of this package are vulnerable to Directory Traversal in getpath function in staticfiles.py. Details A Directory Traversal attack also known as path traversal aims to access files and directories that are stored outside...
CVE-2025-23119
An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution RCE by a malicious actor with access to UniFi Protect Cameras adjacent network...
CVE-2025-23119
CVE-2025-23119 affects UniFi Protect Cameras. The issue is an improper neutralization of escape sequences that can enable an authentication bypass and remote code execution when a malicious actor has access to a network adjacent to the cameras. The attack surface is network-adjacent access, with ...
CVE-2025-23119
An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution RCE by a malicious actor with access to UniFi Protect Cameras adjacent network...
CVE-2025-23119
An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution RCE by a malicious actor with access to UniFi Protect Cameras adjacent network...
CVE-2025-27413
PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template update functionality as it uses the path from the...
CVE-2025-27413 PwnDoc Arbitrary File Write to RCE using Path Traversal in template update from backup templates.json
PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template update functionality as it uses the path from the...
CVE-2025-27413
Summary of CVE-2025-27413 (PwnDoc) : Prior to version 1.2.0, PwnDoc’s backup restore functionality accepts raw data containing Path Traversal sequences (../). The template update process uses the database path to write content, which can overwrite source code and enable Remote Code Execution (RCE...
CVE-2025-27413 PwnDoc Arbitrary File Write to RCE using Path Traversal in template update from backup templates.json
PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template update functionality as it uses the path from the...
CVE-2025-27413 PwnDoc Arbitrary File Write to RCE using Path Traversal in template update from backup templates.json
PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template update functionality as it uses the path from the...
CVE-2025-26326
A vulnerability was identified in the NVDA Remote version 2.6.4 and Tele NVDA Remote version 2025.3.3 remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because these add-ons accept any password entered ...
CVE-2025-26326
A vulnerability was identified in the NVDA Remote version 2.6.4 and Tele NVDA Remote version 2025.3.3 remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because these add-ons accept any password entered ...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to golang.org/x/net/html, libxml2 and openssl
Summary golang.org/x/net/html, libxml2, openssl, IBM MQ used by IBM MQ Operator and Queue Manager container images are vulnerable to denial of service by crafting an input to the Parse functions, and providing weaker than expected security which might allow an attacker to access potentially...
EPSS Decoded: An Examination & Comparison to CVSS
Running short on time but still want to stay in the know? Well, we've got you covered! We've condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all! A Paradigm Shift in Vulnerability Management Vulnerability...
CVE-2025-0823
IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2025-0823
IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...