21312 matches found
CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)
Rapid7 discovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting the PostgreSQL interactive tool psql. This discovery was made while Rapid7 was performing research into the recent exploitation of CVE-2024-12356 — an unauthenticated remote code execution RCE vulnerability th...
CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)
Rapid7 discovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting the PostgreSQL interactive tool psql. This discovery was made while Rapid7 was performing research into the recent exploitation of CVE-2024-12356 — an unauthenticated remote code execution RCE vulnerability th...
ROS-20250212-10
A vulnerability in the Python Babel library that helps internationalize and localize Python applications is associated with Input validation errors when processing directory traversal sequences in .dat locale files in Babel.Locale. Exploitation of the vulnerability could allow an attacker to...
CVE-2024-13059
A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...
Directory Traversal
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Directory Traversal that could enable privilege escalation for a privileged attacker. Details A Directory Traversal attack also known as path traversal aims to access files...
Directory Traversal
Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Directory Traversal that could enable privilege escalation for a privileged attacker. Details A Directory Traversal attack also known as path...
Siemens RUGGEDCOM APE1808
SUMMARY Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens is preparing fix versions and recommends to consult and implement the workarounds provided in Fortinet's upstream security notifications. 2. GENERAL...
CVE-2024-13059
A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...
CVE-2024-13059
A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...
CVE-2024-13059 Path Traversal in mintplex-labs/anything-llm
A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...
CVE-2024-13059 Path Traversal in mintplex-labs/anything-llm
A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...
CVE-2024-13059
CVE-2024-13059 affects mintplex-labs/anything-llm prior to 1.3.1. The vulnerability arises from improper handling of non-ASCII filenames in the multer library, where filename transformations can introduce ../ sequences that are not sanitized. This enables path traversal and arbitrary file writes ...
Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-42461 DESCRIPTION: Node.js...
PT-2025-6084
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions prior to 1.3.1 Description: A vulnerability exists in mintplex-labs/anything-llm due to improper handling of non-ASCII filenames within the multer library. This can lead to path traversal, allowing attacker...
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2025-1199)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2025-1183)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP12 : unbound (EulerOS-SA-2025-1183)
According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A NULL pointer dereference flaw was found in the ubctxsetfwd function in Unbound. This issue could allow an attacker who can invoke specific...
EulerOS 2.0 SP12 : unbound (EulerOS-SA-2025-1199)
According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A NULL pointer dereference flaw was found in the ubctxsetfwd function in Unbound. This issue could allow an attacker who can invoke specific...
openSUSE 15 Security Update : trivy (openSUSE-SU-2025:0056-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:0056-1 advisory. Update to version 0.58.2 boo1234512, CVE-2024-45337, boo1235265, CVE-2024-45338: fixmisconf: allow null values only for tf variables backport:...
Azure Linux 3.0 Security Update: kernel (CVE-2024-39473)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39473 advisory. - In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Fix input form...