Lucene search

9 matches found

OSV
added 2026/06/10 6:23 p.m., 9 views

MAL-2026-5521 Malicious code in @helpcentre/tesco-help (npm)

Source: amazon-inspector eb75510e87a08a5152331461c2b2b955ad21d418c8d2055f5f66ec15e22cf042 On npm install, the postinstall hook runs `node index.js`, which performs an HTTPS POST to https://f1ackavab3.execute-api.eu-west-2.amazonaws.com/...

AI score 5.8
Exploits 0, References 2
Github Security Blog
added 2026/03/27 3:29 p.m., 9 views

Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Summary: An unsanitised filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including the server's absolute DATADIR path — is returned verbatim in the HTTP 400 response body, confirming information...

CVSS 4.3, AI score 6, EPSS 0.00427
Exploits 1, References 4, Affected Software 1
OSV
added 2026/03/27 3:29 p.m., 2 views

GHSA-VVXM-VXMR-624H Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Summary: An unsanitised filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including the server's absolute DATADIR path — is returned verbatim in the HTTP 400 response body, confirming information...

CVSS 4.3, AI score 6, EPSS 0.00427
Exploits 1, References 4
RedhatCVE
added 2025/05/22 6:33 p.m., 10 views

CVE-2021-32643

Http4s is a Scala interface for HTTP services. StaticFile.fromUrl can leak the presence of a directory on a server when the URL scheme is not file://, and the URL points to a fetchable resource under its scheme and authority. The function returns FNone, indicating no resource, if url.getFile is a...

CVSS 5.8, AI score 6.7, EPSS 0.01395
Exploits 0, References 1
Veracode
added 2023/04/20 9:37 a.m., 22 views

Path Traversal

firefox is vulnerable to Path Traversal. The vulnerability exists because the WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request which leaked directory paths on the user's machine...

CVSS 4.3, AI score 6.1, EPSS 0.00397
Exploits 0, References 3, Affected Software 3
OSV
added 2023/04/03 1:2 p.m., 4 views

USN-5993-1 samba vulnerabilities

Demi Marie Obenour discovered that the Samba LDAP server incorrectly handled certain confidential attribute values. A remote authenticated attacker could possibly use this issue to obtain certain sensitive information. CVE-2023-0614 Andrew Bartlett discovered that the Samba AD DC admin tool...

CVSS 7.7, AI score 6.8, EPSS 0.00567
Exploits 0, References 3
RedHat Linux
added 2019/10/14 7:1 p.m., 2 views

undertow: Information leak in requests for directories without trailing slashes

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...

CVSS 7.5, AI score 5.8, EPSS 0.03478
Exploits 0, References 4
seebug.org
added 2008/05/14 12:0 a.m., 56 views

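Oracle Application Server Portal Authentication Bypass Vulnerability

BUGTRAQ ID: 29119 Oracle Application Server Portal (OracleAS Portal) is a web-based application for building and deploying portals. OracleAS Portal has a vulnerability in its handling of access authentication: if a remote attacker adds a specially crafted cookie value to the headers of a submitted HTTP request, they can bypass the basic authentication protection on the /davportal/portal/ directory and access davportal content. Oracle Application Server Portal 10G Oracle ------...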

AI score 6.9
Exploits 0
securityvulns
added 2002/07/03 12:0 a.m., 32 views

Directory content leakage in CommunigatePro

By adding . or .. to the path it's possible to obtain directory listing...

AI score 1.9
Exploits 0, References 1, Affected Software 1