Lucene search
K

331 matches found

Cvelist
Cvelist
added 2025/08/22 12:0 a.m.9 views

CVE-2025-50691

MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data including tokens and terminal content is stored in the data directory, readable by all users. Other users on the system can read the daemon's key and use it to log in, leading to privilege escalation...

0.00231EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/22 12:0 a.m.3 views

CVE-2025-50691

MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data including tokens and terminal content is stored in the data directory, readable by all users. Other users on the system can read the daemon's key and use it to log in, leading to privilege escalation...

6.2AI score0.00231EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.6 views

PT-2025-34367 · Unknown · Mcsmanager

Name of the Vulnerable Software and Affected Versions: MCSManager version 10.5.3 Description: The MCSManager daemon process runs with root privileges by default. Sensitive data, including tokens and terminal content, is stored in a data directory accessible to all users. This allows unauthorized...

5.3CVSS6.6AI score0.00231EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-47927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data...

5.5CVSS5.2AI score0.00269EPSS
Exploits1References2
Huntr
Huntr
added 2025/07/15 4:14 p.m.7 views

World-Writable NLTK Cache Directory Enables Local Users to Tamper with or Delete NLP Data

Description The llamaindex library sets the NLTK data directory to a subdirectory of the codebase by default e.g., static/nltkcache inside the package directory. In multi-user environments or shared hosting, this directory is world-writable or accessible by multiple users. As a result, any user c...

7.8CVSS7.4AI score0.00168EPSS
Exploits1
OSV
OSV
added 2025/06/10 1:15 a.m.4 views

CVE-2025-5906

A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This affects an unknown part of the file /data/. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be use...

9.8CVSS5.4AI score0.00514EPSS
Exploits1References5
NVD
NVD
added 2025/05/09 7:16 a.m.8 views

CVE-2025-37863

In the Linux kernel, the following vulnerability has been resolved: ovl: don't allow datadir only In theory overlayfs could support upper layer directly referring to a data layer, but there's no current use case for this. Originally, when data-only layers were introduced, this wasn't allowed, onl...

5.5CVSS0.00222EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2025/05/09 6:43 a.m.5 views

CVE-2025-37863

In the Linux kernel, the following vulnerability has been resolved: ovl: don't allow datadir only In theory overlayfs could support upper layer directly referring to a data layer, but there's no current use case for this. Originally, when data-only layers were introduced, this wasn't allowed, onl...

5.5CVSS5.6AI score0.00222EPSS
Exploits0
CVE
CVE
added 2025/05/09 6:43 a.m.85 views

CVE-2025-37863

CVE-2025-37863 affects the Linux kernel overlayfs (ovl). The issue arises when a data-only layer is pointed to by an upper layer, something not currently used but previously allowed only via the datadir+ feature, which could trigger an Oops. The documented fix disables datadir without a lowerdir,...

5.5CVSS6.9AI score0.00222EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/27 3:4 p.m.26 views

CVE-2025-46618

In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab...

6.1CVSS6AI score0.2515EPSS
Exploits0References1
OSV
OSV
added 2025/04/25 3:15 p.m.6 views

CVE-2025-46618

In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab...

6.1CVSS5.8AI score0.2515EPSS
Exploits0References1
NVD
NVD
added 2025/04/25 3:15 p.m.43 views

CVE-2025-46618

In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab...

6.1CVSS0.2515EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/25 2:32 p.m.9 views

CVE-2025-46618

In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab...

3.5CVSS6AI score0.2515EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/25 2:32 p.m.37 views

CVE-2025-46618

In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab...

3.5CVSS0.2515EPSS
Exploits0References1
CVE
CVE
added 2025/04/25 2:32 p.m.76 views

CVE-2025-46618

JetBrains TeamCity before 2025.03.1 is affected by CVE-2025-46618, where a stored XSS vulnerability exists on the Data Directory tab. The available sources confirm the issue in versions prior to 2025.03.1 and note the impact as stored XSS. A remediation suggested by PT-2025-17925 is to upgrade to...

6.1CVSS6AI score0.2515EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/25 12:0 a.m.8 views

PT-2025-17925 · Jetbrains · Teamcity

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2025.03.1 Description: The issue allows for stored XSS, which was possible on the Data Directory tab. Recommendations: For versions prior to 2025.03.1, update to version 2025.03.1 or later to resolve the...

6.1CVSS6.1AI score0.2515EPSS
Exploits0References9
OSV
OSV
added 2025/03/01 12:0 a.m.35 views

ASB-A-283962634

In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...

6.8CVSS6.7AI score0.00454EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/11 12:0 a.m.5 views

AnkiDroid 安全漏洞

AnkiDroid is the AnkiDroid open source for an Anki flashcard on Android. A security vulnerability exists in AnkiDroid version v2.17.6, which stems from a vulnerability that allows an attacker to retrieve internal files from the /data/data/com.ichi2.anki/ directory and save them to public storage...

5.3CVSS6.6AI score0.00278EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/11 12:0 a.m.4 views

PT-2025-6409 · Ankidroid · Ankidroid

Name of the Vulnerable Software and Affected Versions: AnkiDroid version 2.17.6 Description: The issue in the AnkiDroid Android application allows attackers to retrieve internal files from the /data/data/com.ichi2.anki/ directory and save them into publicly available storage. Recommendations: For...

5.3CVSS6.5AI score0.00278EPSS
Exploits0References5
OSV
OSV
added 2024/12/19 4:7 p.m.6 views

CVE-2024-38864 User-Readable Private Key in Windows Agent

Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk 2.3.0p23, 2.2.0p38 and = 2.1.0p49 EOL allows a local attacker to read sensitive data...

4.8CVSS6AI score0.0018EPSS
Exploits0References3
Rows per page
Query Builder