
21312 matches found

Rapid7 Blog
added 2025/02/13 3:7 p.m., 90 views

CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)

Rapid7 discovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting the PostgreSQL interactive tool psql. This discovery was made while Rapid7 was performing research into the recent exploitation of CVE-2024-12356 — an unauthenticated remote code execution (RCE) vulnerability th...

9.8 CVSS, 9.2 AI score, 0.89472 EPSS
Exploits: 14
Rapid7 Blog
added 2025/02/13 3:7 p.m., 5 views

CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)

Rapid7 discovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting the PostgreSQL interactive tool psql. This discovery was made while Rapid7 was performing research into the recent exploitation of CVE-2024-12356 — an unauthenticated remote code execution (RCE) vulnerability th...

9.8 CVSS, 9.8 AI score, 0.89472 EPSS
Exploits: 14
Redos
added 2025/02/13 12:0 a.m., 4 views

ROS-20250212-10

A vulnerability in the Python Babel library that helps internationalize and localize Python applications is associated with Input validation errors when processing directory traversal sequences in .dat locale files in Babel.Locale. Exploitation of the vulnerability could allow an attacker to...

7.8 CVSS, 6.7 AI score, 0.00716 EPSS
Exploits: 1
RedhatCVE
added 2025/02/12 7:26 p.m., 9 views

CVE-2024-13059

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...

7.2 CVSS, 7.8 AI score, 0.19777 EPSS
Exploits: 1, References: 1
Snyk
added 2025/02/11 6:31 p.m., 1 views

Directory Traversal

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Directory Traversal that could enable privilege escalation for a privileged attacker. Details A Directory Traversal attack also known as path traversal aims to access files...

7.5 CVSS, 7.8 AI score, 0.01278 EPSS
Exploits: 0, References: 2
Snyk
added 2025/02/11 6:31 p.m., 1 views

Directory Traversal

Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Directory Traversal that could enable privilege escalation for a privileged attacker. Details A Directory Traversal attack also known as path...

7.5 CVSS, 7.8 AI score, 0.01278 EPSS
Exploits: 0, References: 2
ICS
added 2025/02/11 12:0 a.m., 27 views

Siemens RUGGEDCOM APE1808

SUMMARY Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens is preparing fix versions and recommends to consult and implement the workarounds provided in Fortinet's upstream security notifications. 2. GENERAL...

7.3 AI score
Exploits: 0, References: 10
OSV
added 2025/02/10 7:15 p.m., 5 views

CVE-2024-13059

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...

7.2 CVSS, 7.4 AI score
Exploits: 0, References: 2
NVD
added 2025/02/10 7:15 p.m., 5 views

CVE-2024-13059

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...

7.2 CVSS, 0.19777 EPSS
Exploits: 1, References: 2
Cvelist
added 2025/02/10 6:53 p.m., 10 views

CVE-2024-13059 Path Traversal in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...

7.2 CVSS, 0.19777 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2025/02/10 6:53 p.m., 5 views

CVE-2024-13059 Path Traversal in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...

7.2 CVSS, 7.5 AI score, 0.19777 EPSS
Exploits: 1, References: 2
CVE
added 2025/02/10 6:53 p.m., 51 views

CVE-2024-13059

CVE-2024-13059 affects mintplex-labs/anything-llm prior to 1.3.1. The vulnerability arises from improper handling of non-ASCII filenames in the multer library, where filename transformations can introduce ../ sequences that are not sanitized. This enables path traversal and arbitrary file writes ...

7.2 CVSS, 7.5 AI score, 0.19777 EPSS
Exploits: 1, References: 2, Affected Software: 1
IBM Security Bulletins
added 2025/02/10 2:33 p.m., 26 views

Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-42461 DESCRIPTION: Node.js...

9.1 CVSS, 9.2 AI score, 0.03273 EPSS
Exploits: 6, Affected Software: 1
Positive Technologies
added 2025/02/10 12:0 a.m., 7 views

PT-2025-6084

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions prior to 1.3.1 Description: A vulnerability exists in mintplex-labs/anything-llm due to improper handling of non-ASCII filenames within the multer library. This can lead to path traversal, allowing attacker...

7.2 CVSS, 7.6 AI score, 0.19777 EPSS
Exploits: 1, References: 16
OpenVAS
added 2025/02/10 12:0 a.m., 5 views

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2025-1199)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

2.8 CVSS, 4.3 AI score, 0.00363 EPSS
Exploits: 0, References: 2
OpenVAS
added 2025/02/10 12:0 a.m., 6 views

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2025-1183)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

2.8 CVSS, 4.3 AI score, 0.00363 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2025/02/10 12:0 a.m., 5 views

EulerOS 2.0 SP12 : unbound (EulerOS-SA-2025-1183)

According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A NULL pointer dereference flaw was found in the ubctxsetfwd function in Unbound. This issue could allow an attacker who can invoke specific...

2.8 CVSS, 5 AI score, 0.00363 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2025/02/10 12:0 a.m., 4 views

EulerOS 2.0 SP12 : unbound (EulerOS-SA-2025-1199)

According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A NULL pointer dereference flaw was found in the ubctxsetfwd function in Unbound. This issue could allow an attacker who can invoke specific...

2.8 CVSS, 5 AI score, 0.00363 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2025/02/10 12:0 a.m., 22 views

openSUSE 15 Security Update : trivy (openSUSE-SU-2025:0056-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:0056-1 advisory. Update to version 0.58.2 boo1234512, CVE-2024-45337, boo1235265, CVE-2024-45338: fixmisconf: allow null values only for tf variables backport:...

9.8 CVSS, 8.2 AI score, 0.03092 EPSS
Exploits: 2, References: 20
Tenable Nessus
added 2025/02/10 12:0 a.m., 8 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-39473)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39473 advisory. - In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Fix input form...

5.5 CVSS, 5.8 AI score, 0.00211 EPSS
Exploits: 0, References: 2