Lucene search
K

256 matches found

GithubExploit
GithubExploit
added 2026/01/13 5:11 p.m.144 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Proof of concept exploit for CVE-2025-55182...

10CVSS7AI score0.99562EPSS
Exploits374
Spring Security Advisories
Spring Security Advisories
added 2025/12/26 12:0 a.m.8 views

Evolving Spring Vault: Introducing VaultClient

Back in September 2016, nearly a decade ago now, we introduced Spring Vault as a integration layer for HashiCorp Vault within Spring applications, complemented by Spring Cloud Vault for Spring Boot arrangements. The core idea has always been straightforward: Externalizing secrets to encrypted Vau...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/20 5:12 p.m.5 views

CVE-2025-68478

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's fspath, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction,...

7.1CVSS7AI score0.03631EPSS
Exploits1References1
OSV
OSV
added 2025/12/19 6:15 p.m.7 views

PYSEC-2025-125

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's fspath, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction,...

7.1CVSS5.9AI score0.03631EPSS
Exploits1References1
NVD
NVD
added 2025/12/18 10:16 a.m.4 views

CVE-2025-13641

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.59.12 via the 'template' shortcode parameter. This is due to insufficient path validation that allows absolute paths to be provided...

8.8CVSS0.00707EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/17 7:48 p.m.28 views

CVE-2025-34442 AVideo < 20.1 System Path Disclosure via Public API

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...

6.9CVSS0.00731EPSS
Exploits2References4
OSV
OSV
added 2025/12/17 7:48 p.m.4 views

CVE-2025-34442 AVideo < 20.1 System Path Disclosure via Public API

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...

6.9CVSS5.9AI score0.00731EPSS
Exploits2References6
EUVD
EUVD
added 2025/12/12 6:30 p.m.6 views

EUVD-2025-203094

Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip...

7.2CVSS6.3AI score0.00771EPSS
Exploits0References5
NVD
NVD
added 2025/12/12 5:15 p.m.5 views

CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

7.2CVSS0.00771EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/12 4:38 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the Backup ZipSlip. An attacker can create or overwrite files in arbitrary locations within the application's privilege scope by inserting data entries with absolute paths or parent directory traversal sequences...

8.7CVSS7.5AI score0.00771EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/12 4:38 p.m.1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the Backup ZipSlip. An attacker can create or overwrite files in arbitrary locations within the application's privilege scope by inserting data entries with absolute paths or parent directory traversal sequences...

8.7CVSS7.5AI score0.00771EPSS
Exploits0References2
OSV
OSV
added 2025/12/12 12:0 a.m.6 views

CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

7.2CVSS7AI score0.00771EPSS
Exploits0References4
OSV
OSV
added 2025/11/17 8:15 p.m.4 views

CVE-2025-36357

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system...

8CVSS5.9AI score0.00686EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/10 12:0 a.m.5 views

Qualys Cloud Agent 安全漏洞

Qualys Cloud Agent is a lightweight application from Qualys, Inc. A single agent for real-time, global visibility and response. A security vulnerability exists in Qualys Cloud Agent that stems from not using absolute paths and not cleaning up the $PATH environment variable, which could lead to...

6.3CVSS7AI score0.00166EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2004-0813

Malware in sbrugna...

7.5CVSS6AI score0.04887EPSS
Exploits1References20
EUVD
EUVD
added 2025/10/03 8:7 p.m.29 views

EUVD-2022-6481

Malicious code in bioql PyPI...

6.1CVSS4.8AI score0.00414EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/09/04 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2013-1831

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive informatio...

5CVSS5.5AI score0.01393EPSS
Exploits0References2
OSV
OSV
added 2025/09/02 5:12 p.m.6 views

GHSA-9GH8-9R95-3FC3 MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction

Summary The vulnerability allows any user to overwrite any files available under the account privileges of the running process. Details As part of static analysis, iOS MobSF supports loading and parsing statically linked libraries .a. When parsing such archives, the code extracts the embedded...

6.5CVSS6.7AI score0.0056EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/08/18 12:0 a.m.71 views

NamelessMC 信息泄露漏洞

NamelessMC is a free, easy to use and powerful website software from the NamelessMC team. For your Minecraft server, which contains tons of features. An information disclosure vulnerability exists in NamelessMC versions prior to 2.2.4, which stems from the disclosure of sensitive information and...

5.3CVSS6.1AI score0.00399EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2021-32804

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The npm package tar aka node-tar before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient...

8.2CVSS6.8AI score0.15014EPSS
Exploits1References2
Rows per page
Query Builder