Lucene search
K

9 matches found

Github Security Blog
Github Security Blog
added 2026/02/06 6:32 p.m.21 views

Pydantic AI has Server-Side Request Forgery (SSRF) in URL Download Handling

Summary A Server-Side Request Forgery SSRF vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources, attackers can include malicious URLs that cause the server to make HTTP requests to internal network resources, potentially...

8.6CVSS5.6AI score0.00579EPSS
Exploits1References4Affected Software2
NVD
NVD
added 2023/06/02 5:15 p.m.18 views

CVE-2023-29541

Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux...

8.8CVSS8AI score0.00737EPSS
Exploits0References4
OSV
OSV
added 2023/02/07 9:15 p.m.1 views

UBUNTU-CVE-2023-0700

Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS7.3AI score0.00679EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2022/05/31 2:53 p.m.37 views

CVE-2022-31739

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when downloading files on Windows, the % character was not escaped, which could have led to a download incorrectly saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%...

8.8CVSS2.1AI score0.00662EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/05/25 12:0 a.m.3 views

PT-2022-20065 · Hashicorp +1 · Go-Getter +1

Name of the Vulnerable Software and Affected Versions: HashiCorp go-getter versions 1.5.11 and earlier HashiCorp go-getter versions 2.0.2 and earlier Description: The issue concerns the unsafe download handling in HashiCorp go-getter. Malicious HTTP responses can cause various misbehaviors,...

9.8CVSS7.1AI score0.03054EPSS
Exploits0References28
ATTACKERKB
ATTACKERKB
added 2022/04/07 11:15 a.m.6 views

CVE-2021-46417

Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580...

7.8CVSS7.2AI score0.59753EPSS
Exploits7References5
OSV
OSV
added 2020/07/29 12:0 a.m.2 views

UBUNTU-CVE-2020-15658

The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR 78.1, Firefox...

6.5CVSS6.9AI score0.01202EPSS
Exploits0References5
OSV
OSV
added 2019/01/11 6:29 p.m.2 views

CVE-2018-4186

In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation...

7.5CVSS5.8AI score0.00947EPSS
Exploits0References1
RubySec
RubySec
added 2013/03/04 12:0 a.m.23 views

flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution

flashtool Gem for Ruby contains a flaw that is triggered during the handling of downloaded files that contain shell characters. With a specially crafted file, a context-dependent attacker can execute arbitrary commands...

9.8CVSS7.4AI score0.01685EPSS
Exploits0References1
Rows per page
Query Builder