
21310 matches found

RedhatCVE
added 2025/03/02 7:20 a.m. | 15 views

CVE-2025-0823

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.0054
Exploits: 0 | References: 1
RedhatCVE
added 2025/03/02 12:20 a.m. | 7 views

CVE-2025-26326

A vulnerability was identified in the NVDA Remote version 2.6.4 and Tele NVDA Remote version 2025.3.3 remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because these add-ons accept any password entered ...

CVSS: 8.8 | AI score: 9.1 | EPSS: 0.01404
Exploits: 0 | References: 1
RedhatCVE
added 2025/03/01 3:22 p.m. | 17 views

CVE-2024-54169

IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00435
Exploits: 0 | References: 1
Snyk
added 2025/03/01 6:35 a.m. | 3 views

Directory Traversal

Overview: mlrun is a Tracking and config of machine learning runs. Affected versions of this package are vulnerable to Directory Traversal in the getlogsizelegacy function in api/crud/logs.py. This allows attackers to access locations on the filesystem outside the project directory. Details: A...

CVSS: 6.9 | AI score: 7.6
Exploits: 0 | References: 3
Snyk
added 2025/03/01 6:34 a.m. | 1 views

Directory Traversal

Overview: lilya is a Yet another ASGI toolkit that delivers. Affected versions of this package are vulnerable to Directory Traversal in getpath function in staticfiles.py. Details: A Directory Traversal attack also known as path traversal aims to access files and directories that are stored outside...

CVSS: 8.7 | AI score: 7.6
Exploits: 0 | References: 3
NVD
added 2025/03/01 3:15 a.m. | 3 views

CVE-2025-23119

An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution RCE by a malicious actor with access to UniFi Protect Cameras adjacent network...

CVSS: 7.5 | EPSS: 0.00722
Exploits: 0 | References: 1
CVE
added 2025/03/01 1:52 a.m. | 58 views

CVE-2025-23119

CVE-2025-23119 affects UniFi Protect Cameras. The issue is an improper neutralization of escape sequences that can enable an authentication bypass and remote code execution when a malicious actor has access to a network adjacent to the cameras. The attack surface is network-adjacent access, with ...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.00722
Exploits: 0 | References: 1
Vulnrichment
added 2025/03/01 1:52 a.m. | 4 views

CVE-2025-23119

An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution RCE by a malicious actor with access to UniFi Protect Cameras adjacent network...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.00722
Exploits: 0 | References: 1
Cvelist
added 2025/03/01 1:52 a.m. | 9 views

CVE-2025-23119

An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution RCE by a malicious actor with access to UniFi Protect Cameras adjacent network...

CVSS: 7.5 | EPSS: 0.00722
Exploits: 0 | References: 1
NVD
added 2025/02/28 9:15 p.m. | 9 views

CVE-2025-27413

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template update functionality as it uses the path from the...

CVSS: 6.5 | EPSS: 0.01079
Exploits: 1 | References: 6
Vulnrichment
added 2025/02/28 9:2 p.m. | 6 views

CVE-2025-27413 PwnDoc Arbitrary File Write to RCE using Path Traversal in template update from backup templates.json

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template update functionality as it uses the path from the...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.01079
Exploits: 1 | References: 6
CVE
added 2025/02/28 9:2 p.m. | 65 views

CVE-2025-27413

Summary of CVE-2025-27413 (PwnDoc): Prior to version 1.2.0, PwnDoc’s backup restore functionality accepts raw data containing Path Traversal sequences (../). The template update process uses the database path to write content, which can overwrite source code and enable Remote Code Execution (RCE...

CVSS: 6.5 | AI score: 7.6 | EPSS: 0.01079
Exploits: 1 | References: 6 | Affected Software: 1
Cvelist
added 2025/02/28 9:2 p.m. | 11 views

CVE-2025-27413 PwnDoc Arbitrary File Write to RCE using Path Traversal in template update from backup templates.json

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template update functionality as it uses the path from the...

CVSS: 6.5 | EPSS: 0.01079
Exploits: 1 | References: 6
OSV
added 2025/02/28 9:2 p.m. | 32 views

CVE-2025-27413 PwnDoc Arbitrary File Write to RCE using Path Traversal in template update from backup templates.json

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template update functionality as it uses the path from the...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.01079
Exploits: 1 | References: 8
OSV
added 2025/02/28 3:15 p.m. | 3 views

CVE-2025-26326

A vulnerability was identified in the NVDA Remote version 2.6.4 and Tele NVDA Remote version 2025.3.3 remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because these add-ons accept any password entered ...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.01404
Exploits: 0 | References: 6
NVD
added 2025/02/28 3:15 p.m. | 7 views

CVE-2025-26326

A vulnerability was identified in the NVDA Remote version 2.6.4 and Tele NVDA Remote version 2025.3.3 remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because these add-ons accept any password entered ...

CVSS: 8.8 | EPSS: 0.01404
Exploits: 0 | References: 6
IBM Security Bulletins
added 2025/02/28 7:34 a.m. | 15 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to golang.org/x/net/html, libxml2 and openssl

Summary: golang.org/x/net/html, libxml2, openssl, IBM MQ used by IBM MQ Operator and Queue Manager container images are vulnerable to denial of service by crafting an input to the Parse functions, and providing weaker than expected security which might allow an attacker to access potentially...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.05966
Exploits: 0 | Affected Software: 1
hivepro
added 2025/02/28 4:12 a.m. | 8 views

EPSS Decoded: An Examination & Comparison to CVSS

Running short on time but still want to stay in the know? Well, we've got you covered! We've condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all! A Paradigm Shift in Vulnerability Management Vulnerability...

AI score: 8.2
Exploits: 0
OSV
added 2025/02/28 3:15 a.m. | 3 views

CVE-2025-0823

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.0054
Exploits: 0 | References: 1
NVD
added 2025/02/28 3:15 a.m. | 22 views

CVE-2025-0823

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS: 6.5 | EPSS: 0.0054
Exploits: 0 | References: 1