CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

24 matches found

RedhatCVE•added 2026/03/26 3:19 p.m.•3 views

CVE-2025-55988

An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path...

7.2CVSS5.8AI score0.0014EPSS

Exploits0References1

Snyk•added 2026/03/20 10:38 p.m.•2 views

Directory Traversal

Overview dreamfactory/df-core is a DreamFactorytm Core Components Affected versions of this package are vulnerable to Directory Traversal in the RestController.php component when processing unsanitized URI paths. An attacker can gain unauthorized access to arbitrary files on the server by craftin...

8.7CVSS6.4AI score0.0014EPSS

Exploits0References2

Github Security Blog•added 2026/03/20 9:31 p.m.•7 views

DreamFactory has a directory traversal

An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path...

7.2CVSS5.8AI score0.0014EPSS

Exploits0References4Affected Software1

OSV•added 2026/03/20 9:31 p.m.•3 views

GHSA-GV7F-W92J-383Q DreamFactory has a directory traversal

An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path...

7.2CVSS5.8AI score0.0014EPSS

Exploits0References4

EUVD•added 2026/03/20 9:31 p.m.•1 views

EUVD-2025-208913

DreamFactory has a directory traversal...

5.8AI score0.0014EPSS

Exploits0References3

NVD•added 2026/03/20 9:17 p.m.•1 views

CVE-2025-55988

An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path...

7.2CVSS0.0014EPSS

Exploits0References2

OSV•added 2026/03/20 9:17 p.m.•2 views

CVE-2025-55988

An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path...

6AI score

Exploits0References2

Positive Technologies•added 2026/03/20 12:0 a.m.•3 views

PT-2026-26674

CVE-2025-55988 An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path. https://t.co/bR1dLDXebx...

7.2CVSS5.8AI score0.0014EPSS

Exploits0References6

Cvelist•added 2026/03/20 12:0 a.m.•20 views

CVE-2025-55988

An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path...

0.0014EPSS

Exploits0References2

CNNVD•added 2026/03/20 12:0 a.m.•2 views

DreamFactory Core 安全漏洞

DreamFactory Core is a core service open sourced by DreamFactory Software. Version 1.0.3 of DreamFactory Core contains a security vulnerability caused by uncleaned URI paths, which may lead to directory traversal attacks...

7.2CVSS5.8AI score0.0014EPSS

Exploits0References2

ATTACKERKB•added 2026/03/20 12:0 a.m.•4 views

CVE-2025-55988

An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path...

5.8AI score0.0014EPSS

Exploits0References3

Vulnrichment•added 2026/03/20 12:0 a.m.•3 views

CVE-2025-55988

An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path...

5.8AI score0.0014EPSS

Exploits0References2

CVE•added 2026/03/20 12:0 a.m.•3 views

CVE-2025-55988

CVE-2025-55988 affects DreamFactory Core, specifically the RestController.php in v1.0.3, enabling directory traversal via an unsanitized URI path. Multiple connected sources confirm the same root cause and impact: unauthorized access to arbitrary files on the server through crafted URLs. Mitigati...

7.2CVSS5.8AI score0.0014EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2025/12/24 10:29 p.m.•2 views

CVE-2025-13700

DreamFactory saveZipFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of DreamFactory. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.2CVSS7.4AI score0.01229EPSS

Exploits0References1

EUVD•added 2025/12/24 12:30 a.m.•2 views

EUVD-2025-204960

7.2CVSS7.5AI score0.01229EPSS

Exploits0References3

Snyk•added 2025/12/23 11:2 p.m.•4 views

Command Injection

Overview dreamfactory/df-core is a DreamFactorytm Core Components Affected versions of this package are vulnerable to Command Injection via the saveZipFile function in the Components/Package/Package.php file. An attacker can execute arbitrary code in the context of the service account by supplyin...

8.6CVSS7.3AI score0.01229EPSS

Exploits0References2

NVD•added 2025/12/23 10:15 p.m.•2 views

CVE-2025-13700

7.2CVSS0.01229EPSS

Exploits0References2

OSV•added 2025/12/23 10:15 p.m.•1 views

CVE-2025-13700

7.2CVSS8AI score

Exploits0References2

CVE•added 2025/12/23 9:42 p.m.•6 views

CVE-2025-13700

DreamFactory CVE-2025-13700 describes a Command Injection / Remote Code Execution in the saveZipFile method. The flaw arises from insufficient validation of a user-supplied string used in a system call, allowing an attacker to execute arbitrary code with the service account context. Affected prod...

7.2CVSS7.4AI score0.01229EPSS

Exploits0References2

Vulnrichment•added 2025/12/23 9:42 p.m.•2 views

CVE-2025-13700 DreamFactory saveZipFile Command Injection Remote Code Execution Vulnerability

7.2CVSS7.7AI score0.01229EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by