
26 matches found

Github Security Blog · added 2026/04/13 4:35 p.m.

simple-git Affected by Command Execution via Option-Parsing Bypass

Summary: simple-git enables running native Git commands from JavaScript. Some commands accept options that allow executing another command; because this is very dangerous, execution is denied unless the user explicitly allows it. This vulnerability allows a malicious actor who can control the...

CVSS 9.8 · AI score 6.2 · EPSS 0.02712 · Exploits: 2 · References: 7 · Affected software: 1
OSV · added 2026/04/13 4:35 p.m.

GHSA-JCXM-M3JX-F287 simple-git Affected by Command Execution via Option-Parsing Bypass

Summary: simple-git enables running native Git commands from JavaScript. Some commands accept options that allow executing another command; because this is very dangerous, execution is denied unless the user explicitly allows it. This vulnerability allows a malicious actor who can control the...

CVSS 8.1 · AI score 6.2 · EPSS 0.02712 · Exploits: 2 · References: 7
vulnersOsv · added 2026/01/07 5:47 p.m.

ai.pipestream.module:module-chunker (=0.1.1), ai.pipestream.module:module-echo (=0.1.1) +459 more potentially affected by CVE-2025-66560 via io.quarkus.vertx.utils:quarkus-vertx-utils (>=3.28.0.CR1 <=3.30.8)

io.quarkus.vertx.utils:quarkus-vertx-utils (Maven), versions =3.28.0.CR1, =0.0.2, =0.1.1, =0.1.1, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.7, =0.1.9 and more. Source CVEs: CVE-2025-66560. Source advisory: SNYK:JAVA-IOQUARKUSVERTXUTILS-14897052...

CVSS 7.5 · AI score 5.7 · EPSS 0.00349 · Exploits: 0
EUVD · added 2025/10/03 8:07 p.m.

EUVD-2025-22328

Malicious code in bioql PyPI...

CVSS 7 · AI score 6.4 · EPSS 0.00458 · Exploits: 1 · References: 3
RedhatCVE · added 2025/07/24 12:23 a.m.

CVE-2025-51463

Path Traversal in restore_run_backup in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the run_instruction API, which is extracted without path validation during restoration...

CVSS 7 · AI score 6.7 · EPSS 0.00458 · Exploits: 1 · References: 1
NVD · added 2025/07/22 6:15 p.m.

CVE-2025-51464

Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims' browsers via malicious Python code submitted to the /api/reports endpoint, which is interpreted and executed by Pyodide when the report is viewed. No sanitisation or sandbox...

CVSS 8.8 · EPSS 0.006 · Exploits: 1 · References: 3
NVD · added 2025/07/22 4:15 p.m.

CVE-2025-51463

Path Traversal in restore_run_backup in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the run_instruction API, which is extracted without path validation during restoration...

CVSS 7 · EPSS 0.00458 · Exploits: 1 · References: 3
Vulnrichment · added 2025/07/22 12:00 a.m.

CVE-2025-51464

Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims' browsers via malicious Python code submitted to the /api/reports endpoint, which is interpreted and executed by Pyodide when the report is viewed. No sanitisation or sandbox...

AI score 6.7 · EPSS 0.006 · Exploits: 1 · References: 3
Positive Technologies · added 2025/07/22 12:00 a.m.

PT-2025-30426 · Aim · Aim

Name of the Vulnerable Software and Affected Versions: AIM version 3.28.0
Description: A path traversal issue exists in the restore run backup function. This allows remote attackers to write arbitrary files to the server's filesystem by submitting a crafted backup tar file to the run instruction...

CVSS 7 · AI score 6.6 · EPSS 0.00458 · Exploits: 1 · References: 8
CVE · added 2025/07/22 12:00 a.m.

CVE-2025-51463

CVE-2025-51463 concerns AIM 3.28.0, where a path traversal flaw in the restore_run_backup() function lets remote attackers craft a backup tar for the run_instruction API and write arbitrary files to the server filesystem because paths are not validated during extraction. Affected component: AIM s...

CVSS 7 · AI score 6.8 · EPSS 0.00458 · Exploits: 1 · References: 3 · Affected software: 1
Cvelist · added 2025/07/22 12:00 a.m.

CVE-2025-51463

Path Traversal in restore_run_backup in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the run_instruction API, which is extracted without path validation during restoration...

EPSS 0.00458 · Exploits: 1 · References: 3
CNNVD · added 2025/07/22 12:00 a.m.

Aim path traversal vulnerability

Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. A path traversal vulnerability exists in AIM version 3.28.0 in restore_run_backup, which could result in writing arbitrary files to the server file syst...

CVSS 7 · AI score 6.6 · EPSS 0.00458 · Exploits: 1 · References: 4
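The CVE-2025-51463 entries above all describe the same defect: a backup tar file is extracted during restoration without any check that member paths stay inside the destination directory. The following is an added example, not code from Aim or from any of the advisories, showing the validation that a restore routine needs. It rejects absolute member names, `..` traversal, symlinks and hard links whose targets resolve outside the destination, and device/FIFO members, and it extracts one member at a time so that a path written through a symlink created by an earlier member is resolved against the real tree. The archive built by `build_demo_archive()` is constructed here for illustration; its member names and the `run/meta.json` layout are hypothetical and not Aim's backup format.

```python
"""Path-validating tar extraction for a user-supplied backup archive.

Added example, not code from Aim or from the advisories above. The
archive produced by build_demo_archive() is constructed for this demo;
the member names are hypothetical.
"""
import io
import os
import tarfile
import tempfile
from typing import List, Optional, Tuple


def _inside(base: str, path: str) -> bool:
    """True if path resolves to base itself or to something beneath it."""
    base = os.path.realpath(base)
    path = os.path.realpath(path)
    return path == base or path.startswith(base + os.sep)


def check_member(member: tarfile.TarInfo, dest: str) -> Optional[str]:
    """Return why extracting member into dest would be unsafe, or None."""
    if os.path.isabs(member.name):
        return "absolute path"
    target = os.path.join(dest, member.name)
    if not _inside(dest, target):
        return "path traversal"
    if member.issym():
        # A symlink's target is relative to the link's own directory.
        link = os.path.join(os.path.dirname(target), member.linkname)
        if os.path.isabs(member.linkname) or not _inside(dest, link):
            return "symlink escapes destination"
    elif member.islnk():
        # A hard link's target is relative to the archive root.
        if not _inside(dest, os.path.join(dest, member.linkname)):
            return "hard link escapes destination"
    elif not (member.isfile() or member.isdir()):
        return "special file (device/fifo)"
    return None


def safe_extract(data: bytes, dest: str) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Extract one member at a time, re-checking each against the tree as
    it exists so far, so a file written through a symlink that an earlier
    member created is resolved by realpath and rejected.

    Returns (extracted member names, [(rejected name, reason), ...]).
    """
    extracted: List[str] = []
    rejected: List[Tuple[str, str]] = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar.getmembers():
            reason = check_member(member, dest)
            if reason is not None:
                rejected.append((member.name, reason))
                continue
            # Python 3.12+ (and patched 3.8-3.11) ship tarfile extraction
            # filters; use the "data" filter as a second line of defence.
            if hasattr(tarfile, "data_filter"):
                tar.extract(member, dest, filter="data")
            else:
                tar.extract(member, dest)
            extracted.append(member.name)
    return extracted, rejected


def build_demo_archive() -> bytes:
    """Constructed archive: one benign member and three hostile ones."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name: str, content: bytes) -> None:
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))

        add_file("run/meta.json", b"{}")                          # legitimate content
        add_file("../../etc/cron.d/evil", b"* * * * * root id\n")  # ../ traversal
        add_file("/etc/passwd", b"root::0:0::/:/bin/sh\n")        # absolute path
        link = tarfile.TarInfo("escape")                          # symlink out of dest
        link.type = tarfile.SYMTYPE
        link.linkname = "../../"
        tar.addfile(link)
    return buf.getvalue()


def demo() -> Tuple[List[str], List[Tuple[str, str]]]:
    """Run the hostile archive through safe_extract in a scratch directory."""
    with tempfile.TemporaryDirectory() as dest:
        return safe_extract(build_demo_archive(), dest)


if __name__ == "__main__":
    ok, bad = demo()
    print("extracted:", ok)
    for name, why in bad:
        print(f"rejected {name!r}: {why}")
```

The check runs before each `extract` call rather than once over `getmembers()`, because the destination tree changes as members land; `os.path.realpath` then sees any symlink a previous member created. On interpreters that ship `tarfile.data_filter`, passing `filter="data"` makes the standard library refuse the same escapes independently, so a bug in `check_member` does not become a second CVE-2025-51463.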
CVE · added 2025/07/22 12:00 a.m.

CVE-2025-51464

The CVE-2025-51464 entry affects aimhubio Aim version 3.28.0. A cross-site scripting (XSS) vulnerability exists in the /api/reports endpoint where Python code is submitted and interpreted by Pyodide when a report is viewed, allowing execution of arbitrary JavaScript in a victim's browser via pyod...

CVSS 8.8 · AI score 7.1 · EPSS 0.006 · Exploits: 1 · References: 3 · Affected software: 1
RedhatCVE · added 2025/05/22 11:23 p.m.

CVE-2022-38613

A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system...

CVSS 6.5 · AI score 6.7 · EPSS 0.00965 · Exploits: 1 · References: 1
OSV · added 2024/03/17 11:15 a.m.

CVE-2024-2561

A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricte...

CVSS 8.8 · AI score 5.3 · EPSS 0.06079 · Exploits: 1 · References: 3
Vulnrichment · added 2024/03/17 11:00 a.m.

CVE-2024-2561 74CMS Company Logo Index.php#sendCompanyLogo unrestricted upload

A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricte...

CVSS 6.5 · AI score 6.5 · EPSS 0.06079 · Exploits: 1 · References: 3
Cvelist · added 2024/03/17 11:00 a.m.

CVE-2024-2561 74CMS Company Logo Index.php#sendCompanyLogo unrestricted upload

A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricte...

CVSS 6.5 · AI score 6.6 · EPSS 0.06079 · Exploits: 1 · References: 3
Positive Technologies · added 2024/03/17 12:00 a.m.

PT-2024-21039 · 74Cms · 74Cms

Name of the Vulnerable Software and Affected Versions: 74CMS version 3.28.0
Description: A critical issue has been found in the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads...

CVSS 8.8 · AI score 6.6 · EPSS 0.06079 · Exploits: 1 · References: 6
Patchstack · added 2023/03/21 12:00 a.m.

WordPress Responsive Slider by MetaSlider Plugin <= 3.28.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Responsive Slider by MetaSlider · Type: Plugin · Vulnerable versions: <= 3.28.0 · Fixed in: 3.28.1 · OWASP Top 10: A5: Broken Access Control · Classification: Cross Site Request Forgery (CSRF) · CVE: CVE-2022-47150 · Patch priority: Low · CVSS severity: Low (4.3) · PSID: c760d46ac2b9 · Credits...

AI score 5.9 · EPSS 0.00113 · Exploits: 0 · References: 2 · Affected software: 1
ATTACKERKB · added 2022/09/09 4:15 p.m.

CVE-2022-38613

A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system...

CVSS 6.5 · AI score 5.9 · EPSS 0.00965 · Exploits: 1 · References: 4