
58 matches found

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2023-23335

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 5.3 · EPSS 0.01117
Exploits: 1 · References: 3

Positive Technologies
added 2025/08/04 12:0 a.m. · 5 views

PT-2025-31821 · Unknown +1 · Iis-K3Cloudminiapp +1

Name of the Vulnerable Software and Affected Versions: Kingdee Cloud-Starry-Sky Enterprise Edition versions prior to 8.2 Description: A path traversal issue exists in the BaseServiceFactory.getFileUploadService.deleteFileAction function within the...

CVSS 6.9 · AI score 5.5 · EPSS 0.00852
Exploits: 0 · References: 7

NVD
added 2025/07/11 6:15 p.m. · 15 views

CVE-2025-7452

A vulnerability was found in kone-net go-chat up to f9e58d0afa9bbdb31faf25e7739da330692c4c63. It has been declared as critical. This vulnerability affects the function GetFile of the file go-chat/api/v1/filecontroller.go of the component Endpoint. The manipulation of the argument fileName leads t...

CVSS 6.5 · EPSS 0.00333
Exploits: 0 · References: 5

CVE
added 2025/06/29 7:31 a.m. · 30 views

CVE-2025-6853

CVE-2025-6853 affects the Langchain-Chatchat backend component in the project "chatchat-space" up to version 0.3.1. The vulnerability is in the function upload_temp_docs under /knowledge_base/upload_temp_docs, where manipulating the flag argument enables a path traversal. The issue can be exploit...

CVSS 9.8 · AI score 6.5 · EPSS 0.00482
Exploits: 1 · References: 4 · Affected software: 1

BDU FSTEC
added 2025/06/13 12:0 a.m. · 7 views

The vulnerability of the SSLVPN microprogramming system for network interfaces from SonicWall SMA 100 allows a hacker to bypass security restrictions.

The vulnerability of the SSLVPN microprogramming system for network interfaces from SonicWall SMA 100 relates to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to bypass security restrictions remotely...

CVSS 9 · AI score 8 · EPSS 0.02975
Exploits: 0 · References: 2 · Affected software: 1

NVD
added 2025/06/06 4:15 p.m. · 12 views

CVE-2025-33035

A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5...

CVSS 7.2 · EPSS 0.00467
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 10:2 a.m. · 7 views

CVE-2024-2863

This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant...

CVSS 9.8 · AI score 7.1 · EPSS 0.66969
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 1:13 a.m. · 4 views

CVE-2022-23135

There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of user modified destination path, an attacker with specific permissions could modify the FTP access path to access and modify the system path contents without authorization, which...

CVSS 6.5 · AI score 6.6 · EPSS 0.01375
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 6:40 p.m. · 10 views

CVE-2021-37105

There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal...

CVSS 7.5 · AI score 6.9 · EPSS 0.00636
Exploits: 0 · References: 1

Positive Technologies
added 2025/05/11 12:0 a.m. · 5 views

PT-2025-20654 · Shanghai Bairui Information Technology · Sunloginclient

Name of the Vulnerable Software and Affected Versions: Shanghai Bairui Information Technology SunloginClient version 15.8.3.19819 Description: A critical vulnerability has been found in the library process.dll of the file sunlogin guard.exe, affecting an unknown part. The manipulation leads to an...

CVSS 7.3 · AI score 6.8 · EPSS 0.00159
Exploits: 0 · References: 12

Vulnrichment
added 2025/05/07 8:24 a.m. · 5 views

CVE-2025-20949

Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allows attackers to read and write arbitrary file with the privilege of Samsung Members...

CVSS 5.1 · AI score 7.2 · EPSS 0.0028
Exploits: 0 · References: 1

Cvelist
added 2025/04/07 7:31 p.m. · 14 views

CVE-2025-3381 zhangyanbo2007 youkefu File Upload WebIMController.java path traversal

A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. This affects an unknown part of the file WebIMController.java of the component File Upload. The manipulation of the argument ID leads to path traversal. It is possible to initiate the attack remotely. Th...

CVSS 6.5 · EPSS 0.00904
Exploits: 1 · References: 4

Positive Technologies
added 2025/03/11 12:0 a.m. · 1 views

PT-2025-10797 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to the improper resolution of path equivalence in Windows MapUrlToZone, which allows an unauthorized attacker to bypass a security feature over a network. This could...

CVSS 5 · AI score 8.3 · EPSS 0.02983
Exploits: 0 · References: 9

CNNVD
added 2024/11/10 12:0 a.m. · 3 views

ZKTeco ZKBio Time security vulnerability

ZKTeco ZKBio Time is a powerful web-based time and attendance management software from ZKTeco, China. A security vulnerability exists in ZKTeco ZKBio Time version 9.0.1, which originates from the component Image File Handler where the file /authfiles/photo/ can lead to a direct request...

CVSS 6.3 · AI score 4.8 · EPSS 0.00423
Exploits: 0 · References: 4

GithubExploit
added 2024/10/15 6:55 a.m. · 255 views

Exploit for Code Injection in Vmware Spring_Cloud_Data_Flow

Detect vulnerabilities First, use dnslog to detect whether CV...

CVSS 9.8 · AI score 6.6 · EPSS 0.35211
Exploits: 4

Cvelist
added 2024/09/27 12:42 p.m. · 30 views

CVE-2024-46858 mptcp: pm: Fix uaf in __timer_delete_sync

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1 CPU2 ==== ==== netrxaction napipoll netlinksendmsg napipoll netlinkunicast processbacklog netlinkunicastkern...

EPSS 0.00257
Exploits: 0 · References: 6

Vulnrichment
added 2024/09/26 5:16 p.m. · 7 views

CVE-2024-47170 Agnai File Disclosure Vulnerability: JSON via Path Traversal

Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information an...

CVSS 4.3 · AI score 6.4 · EPSS 0.00455
Exploits: 0 · References: 1

BDU FSTEC
added 2023/12/27 12:0 a.m. · 4 views

The vulnerability of the programming software for PLCs (programmable logic controllers), namely the Saia PG5 Controls Suite, arises from incorrect restrictions on the path name to the restricted access directory. This vulnerability allows a perpetrator to execute arbitrary code.

The vulnerability of the programming software for PLCs (programmable logic controllers), Saia PG5 Controls Suite, is related to incorrect restrictions on the path name to the restricted access directory when processing CAB format files. Exploiting this vulnerability allows an attacker to execute...

CVSS 7.8 · AI score 7.6 · EPSS 0.01572
Exploits: 0 · References: 3

BDU FSTEC
added 2023/10/30 12:0 a.m. · 4 views

The vulnerability of the software development environment of Totally Integrated Automation Portal (Portal TIA) relates to the possibility of bypassing the path, allowing an intruder to execute arbitrary code.

The vulnerability of the Totally Integrated Automation Portal (Portal TIA) software development environment relates to the possibility of bypassing the access path. Exploiting this vulnerability allows an attacker to execute arbitrary code, provided that the user opens a specially crafted...

CVSS 7.3 · AI score 7.5 · EPSS 0.00249
Exploits: 0 · References: 2 · Affected software: 1

BDU FSTEC
added 2023/03/03 12:0 a.m. · 5 views

The vulnerability of FortiWeb web applications’ network firewalls arises from incorrect restrictions on the path to the restricted access catalog, allowing attackers to gain unauthorized access to protected information.

The vulnerability of FortiWeb web applications’ network firewalls is related to incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through a special...

CVSS 6.8 · AI score 6.5 · EPSS 0.00573
Exploits: 0 · References: 2 · Affected software: 1