21311 matches found

CVE
added 2025/02/19 10:16 p.m., 90 views

CVE-2025-27092

CVE-2025-27092 affects the GHOSTS framework. A path traversal flaw exists in the photo retrieval endpoint at /api/npcs/{id}/photo, where crafted photoLink values can cause directory traversal and expose files outside the intended photo directory. Affected versions are 8.0.0.0 up to 8.2.7.89. The ...

CVSS 8.7 | AI score 6.5 | EPSS 0.00597
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2025/02/19 10:16 p.m., 15 views

CVE-2025-27092 Path Traversal Vulnerability in GHOSTS Photo Retrieval Endpoint

GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. A path traversal vulnerability was discovered in GHOSTS version 8.0.0.0 that allows an attacker to access files outside of the intended directory through the photo retrieval endpoint...

CVSS 8.7 | EPSS 0.00597
Exploits: 1 | References: 2

Vulnrichment
added 2025/02/19 10:16 p.m., 9 views

CVE-2025-27092 Path Traversal Vulnerability in GHOSTS Photo Retrieval Endpoint

GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. A path traversal vulnerability was discovered in GHOSTS version 8.0.0.0 that allows an attacker to access files outside of the intended directory through the photo retrieval endpoint...

CVSS 8.7 | AI score 6.5 | EPSS 0.00597
Exploits: 1 | References: 2

OSV
added 2025/02/19 10:16 p.m., 11 views

CVE-2025-27092 Path Traversal Vulnerability in GHOSTS Photo Retrieval Endpoint

GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. A path traversal vulnerability was discovered in GHOSTS version 8.0.0.0 that allows an attacker to access files outside of the intended directory through the photo retrieval endpoint...

CVSS 8.7 | AI score 6.9 | EPSS 0.00597
Exploits: 1 | References: 4

NCSC
added 2025/02/19 9:11 a.m., 5 views

Vulnerability fixed in PostgreSQL

A vulnerability has been fixed in PostgreSQL. The vulnerability is located in the libpq functions of PostgreSQL and involves an SQL injection error. Improper processing of quotes and incorrectly formed UTF-8 sequences can lead to arbitrary code execution. This vulnerability is being actively...

CVSS 9.2 | AI score 8.5 | EPSS 0.89472
Exploits: 10 | References: 1

Packet Storm
added 2025/02/19 12:0 a.m., 813 views

BeyondTrust Remote Code Execution

This exploit achieves unauthenticated remote code execution against BeyondTrust Privileged Remote Access PRA and Remote Support RS, with the privileges of the site user of the targeted BeyondTrust product site. This exploit targets PRA and RS versions 24.3.1 and below. This module requires...

CVSS 9.8 | AI score 8.8 | EPSS 0.89472
Exploits: 14

Positive Technologies
added 2025/02/19 12:0 a.m., 5 views

PT-2025-7627 · Ghosts · Ghosts

Name of the Vulnerable Software and Affected Versions: GHOSTS versions 8.0.0.0 through 8.2.7.89 Description: A path traversal vulnerability was discovered in GHOSTS that allows an attacker to access files outside of the intended directory through the photo retrieval endpoint. The vulnerability...

CVSS 8.7 | AI score 6.8 | EPSS 0.00597
Exploits: 1 | References: 12

NVD
added 2025/02/18 7:15 p.m., 7 views

CVE-2025-25284

The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS Web Processing Service implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the GdalTranslate service, whe...

CVSS 8.7 | EPSS 0.00584
Exploits: 0 | References: 2

CVE
added 2025/02/18 6:42 p.m., 58 views

CVE-2025-25284

CVE-2025-25284 concerns the ZOO-Project WPS implementation. The vulnerability lies in the Gdal_Translate service when processing VRT files: the SourceFilename parameter in VRTRasterBand is not properly sanitized, allowing relative path traversal (../) and enabling an unauthenticated attacker to r...

CVSS 8.7 | AI score 7 | EPSS 0.00584
Exploits: 0 | References: 2

Cvelist
added 2025/02/18 6:42 p.m., 9 views

CVE-2025-25284 Path Traversal and Local File Read via VRT (Virtual Format) in ZOO-Project WPS Implementation

The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS Web Processing Service implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the GdalTranslate service, whe...

CVSS 8.7 | EPSS 0.00584
Exploits: 0 | References: 2

Vulnrichment
added 2025/02/18 6:42 p.m., 5 views

CVE-2025-25284 Path Traversal and Local File Read via VRT (Virtual Format) in ZOO-Project WPS Implementation

The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS Web Processing Service implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the GdalTranslate service, whe...

CVSS 8.7 | AI score 6.5 | EPSS 0.00584
Exploits: 0 | References: 2

OSV
added 2025/02/18 6:42 p.m., 5 views

CVE-2025-25284 Path Traversal and Local File Read via VRT (Virtual Format) in ZOO-Project WPS Implementation

The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS Web Processing Service implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the GdalTranslate service, whe...

CVSS 8.7 | AI score 6.7 | EPSS 0.00584
Exploits: 0 | References: 4

Positive Technologies
added 2025/02/18 12:0 a.m., 5 views

PT-2025-7067 · Unknown · Zoo-Project

Name of the Vulnerable Software and Affected Versions: ZOO-Project affected versions not specified Description: A vulnerability in the ZOO-Project's WPS implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the Gdal Translate...

CVSS 8.7 | AI score 6.9 | EPSS 0.00584
Exploits: 0 | References: 8

Positive Technologies
added 2025/02/18 12:0 a.m., 3 views

PT-2025-6977 · Ubiquiti · Unifi Protect Cameras

Name of the Vulnerable Software and Affected Versions: UniFi Protect Cameras affected versions not specified Description: An Improper Neutralization of Escape Sequences issue could allow an Authentication Bypass with a Remote Code Execution RCE by a malicious actor with access to UniFi Protect...

CVSS 9.6 | AI score 8.5 | EPSS 0.00722
Exploits: 0 | References: 10

Metasploit
added 2025/02/17 6:54 p.m., 1492 views

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution

This exploit achieves unauthenticated remote code execution against BeyondTrust Privileged Remote Access PRA and Remote Support RS, with the privileges of the site user of the targeted BeyondTrust product site. This exploit targets PRA and RS versions 24.3.1 and below. Module Options msf use...

CVSS 9.8 | AI score 9.6 | EPSS 0.87991
Exploits: 8

RedhatCVE
added 2025/02/16 5:20 p.m., 11 views

CVE-2025-25295

Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a...

CVSS 8.7 | AI score 6.2 | EPSS 0.00708
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/16 3:22 p.m., 7 views

CVE-2024-56477

IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS 6.5 | AI score 6.5 | EPSS 0.0047
Exploits: 0 | References: 1

Github Security Blog
added 2025/02/14 5:56 p.m., 31 views

@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

Summary By crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service ReDoS attack. This causes the program to hang and results in high CPU utilization. Details The issue occurs in the parse function within the parse.ts...

CVSS 5.3 | AI score 6.3 | EPSS 0.0058
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2025/02/14 5:56 p.m., 10 views

GHSA-X4C5-C7RF-JJGV @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

Summary By crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service ReDoS attack. This causes the program to hang and results in high CPU utilization. Details The issue occurs in the parse function within the parse.ts...

CVSS 5.3 | AI score 6.3 | EPSS 0.0058
Exploits: 0 | References: 5

Snyk
added 2025/02/14 5:41 p.m., 1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the download function due to improper input validation when processing image references during task exports. An attacker can access files outside the intended directory structure by creating tasks with path...

CVSS 8.7 | AI score 7.7 | EPSS 0.00708
Exploits: 0 | References: 2