
20 matches found

RedhatCVE
added 2025/08/20 5:33 p.m. · 2 views

CVE-2025-55214

Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...

CVSS 6.9 · AI score 6.5 · EPSS 0.00068
Exploits: 0 · References: 1

NVD
added 2025/08/18 5:15 p.m. · 3 views

CVE-2025-55214

Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...

CVSS 6.9 · EPSS 0.00068
Exploits: 0 · References: 2

NVD
added 2025/08/18 5:15 p.m. · 3 views

CVE-2025-55201

Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t...

CVSS 8.5 · EPSS 0.00058
Exploits: 0 · References: 2

CVE
added 2025/08/18 4:36 p.m. · 9 views

CVE-2025-55214

CVE-2025-55214 (Copier) : A directory traversal vulnerability affects Copier libraries and CLI from version 7.1.0 up to, but not including, 9.9.1. When using a safe template, an attacker could cause files to be written outside the destination path by exploiting the template rendering of a generat...

CVSS 6.9 · AI score 7.2 · EPSS 0.00068
Exploits: 0 · References: 2

Vulnrichment
added 2025/08/18 4:36 p.m. · 2 views

CVE-2025-55214 Copier safe template has filesystem write access outside destination path

Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...

CVSS 6.9 · AI score 7.2 · EPSS 0.00068
Exploits: 0 · References: 2

Vulnrichment
added 2025/08/18 4:21 p.m. · 3 views

CVE-2025-55201 Copier safe template has arbitrary filesystem read/write access

Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t...

CVSS 8.5 · AI score 7.2 · EPSS 0.00058
Exploits: 0 · References: 2

CVE
added 2025/08/18 4:21 p.m. · 13 views

CVE-2025-55201

CVE-2025-55201 concerns the Copier library/CLI used for rendering project templates. Prior to version 9.9.1, the template rendering context exposes certain pathlib.Path objects in Jinja with unconstrained I/O methods, enabling a safe template to read and write arbitrary files on the filesystem an...

CVSS 8.5 · AI score 6.6 · EPSS 0.00058
Exploits: 0 · References: 2

OSV
added 2025/08/18 4:21 p.m. · 3 views

CVE-2025-55201 Copier safe template has arbitrary filesystem read/write access

Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t...

CVSS 8.5 · AI score 6.6 · EPSS 0.00058
Exploits: 0 · References: 4

CNNVD
added 2025/08/18 12:00 a.m. · 3 views

Copier Path Traversal Vulnerability

Copier is an open source library for rendering project templates. A path traversal vulnerability exists in Copier versions prior to 9.9.1, which stems from the fact that templates can read and write arbitrary files, potentially leading to file system access bypass...

CVSS 8.5 · AI score 6.9 · EPSS 0.00058
Exploits: 0 · References: 3

Positive Technologies
added 2024/08/22 12:00 a.m. · 2 views

PT-2024-28691 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.8.x through 9.8.2; Mattermost versions 9.9.x through 9.9.1; Mattermost versions 9.5.x through 9.5.7; Mattermost versions 9.10.x through 9.10.0. Description: The issue allows remote/synthetic users to create sessions or reset...

CVSS 6.5 · AI score 6.8 · EPSS 0.00524
Exploits: 0 · References: 10

OpenVAS
added 2023/01/04 12:00 a.m. · 35 views

ISC BIND DoS Vulnerability (CVE-2012-1667) - Windows

ISC BIND is prone to a denial of service (DoS) vulnerability. Copyright (C) 2023 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

CVSS 8.5 · AI score 6.4 · EPSS 0.53159
Exploits: 1 · References: 1

CNNVD
added 2022/07/20 12:00 a.m. · 3 views

DNN Cross-Site Scripting Vulnerability

DNN (also known as DotNetNuke) is an open source content management system (CMS) from the U.S. company DNN, supported by Microsoft and based on the ASP.NET platform. The system is easy to install, scalable and feature-rich. A security vulnerability exists in DotNetNuke DNN version 9.9.1 CMS, which stems...

CVSS 5.4 · AI score 5.9 · EPSS 0.00234
Exploits: 0 · References: 3

NVD
added 2022/04/14 10:15 p.m. · 10 views

CVE-2022-24849

DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two RequireDisCatSharpDeveloperAttributes or the BaseDiscordClient.LibraryDeveloperTeam have potentially had their bot token sent to ...

CVSS 6.5 · EPSS 0.00314
Exploits: 0 · References: 1

OSV
added 2022/04/14 9:25 p.m. · 2 views

CVE-2022-24849 Contact to DisCatSharp-owned server using authenticated client

DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two RequireDisCatSharpDeveloperAttributes or the BaseDiscordClient.LibraryDeveloperTeam have potentially had their bot token sent to ...

CVSS 6.5 · AI score 6.9 · EPSS 0.00314
Exploits: 0 · References: 3

CNVD
added 2021/10/13 12:00 a.m. · 15 views

Clustered Data ONTAP Clickjacking Vulnerability

Clustered Data ONTAP is NetApp's proprietary operating system for storage disk arrays. A clickjacking vulnerability exists in Clustered Data ONTAP versions 9.5P18, 9.6P15, 9.7P14, 9.8P5, and prior to 9.9.1. The vulnerability stems from the lack of an X-Frame-Options header in the product. An...

CVSS 4.7 · AI score 4.7 · EPSS 0.00206
Exploits: 0 · References: 1

OSV
added 2021/10/12 6:15 p.m. · 1 views

CVE-2021-27003

Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack...

CVSS 4.7 · AI score 5.8 · EPSS 0.00206
Exploits: 0 · References: 1

seebug.org
added 2014/07/01 12:00 a.m. · 15 views

cPanel 9.9.1 -R3 Front Page Extension Installation Information Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/11456/info It is reported that cPanel is susceptible to an information disclosure vulnerability in its function to enable Front Page extensions. This vulnerability reportedly allows attackers to gain access to the content...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2012/09/24 12:00 a.m. · 37 views

Fedora 17 : bind-9.9.1-9.P3.fc17 (2012-14106)

Update to the 9.9.1-P3 security release. This update also fixes the following issues: - named NetworkManager dispatcher script contained wrong path to systemctl utility. BZ837173 - named-chroot.service unit didn't work properly. BZ825869 - bind-devel package wasn't multilib clean. BZ478718 Note that...

CVSS 7.8 · AI score 6.7 · EPSS 0.58236
Exploits: 0 · References: 3

Cvelist
added 2012/09/14 12:00 a.m. · 18 views

CVE-2012-4244

ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record...

AI score 8.3 · EPSS 0.58236
Exploits: 0 · References: 26

Tenable Nessus
added 2012/06/14 12:00 a.m. · 25 views

Fedora 17 : bind-9.9.1-2.P1.fc17 (2012-8968)

Update to the latest upstream release which fixes CVE-2012-1667. More information is available on http://www.isc.org/software/bind/advisories/CVE-2012-1667 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...

CVSS 8.5 · AI score 6.8 · EPSS 0.53159
Exploits: 1 · References: 4