Lucene search
+L

5 matches found

snyk
snyk
added 2026/06/19 10:8 p.m.8 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview ChatterBot is a ChatterBot is a machine learning, conversational dialog engine Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via the extract function. An attacker can cause arbitrary files to be written to a directory of their choice ...

6.8CVSS5.9AI score0.00095EPSS
Exploits0References3
snyk
snyk
added 2026/03/10 8:44 p.m.18 views

Directory Traversal

Overview @appium/support is a Support libs used across Appium packages Affected versions of this package are vulnerable to Directory Traversal in the extractAllTo function. An attacker can write arbitrary files outside the intended extraction directory by supplying a crafted ZIP archive containin...

6.9CVSS6.3AI score0.00388EPSS
Exploits1References2
snyk
snyk
added 2026/02/18 12:57 a.m.4 views

Directory Traversal

Overview org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Directory Traversal via the extract function. An attacker can read or write files outside the intended extraction directory by causing the application to extract a malicious archiv...

8.4CVSS6.6AI score0.00288EPSS
Exploits1References2
github
github
added 2026/01/06 5:32 p.m.10 views

MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download

Summary A Path Traversal Zip Slip vulnerability exists in MONAI's downloadfromngcprivate function. The function uses zipfile.ZipFile.extractall without path validation, while other similar download functions in the same codebase properly use the existing safeextractmember function. This appears t...

5.3CVSS7.2AI score0.00311EPSS
Exploits1References4Affected Software1
vulnrichment
vulnrichment
added 2025/10/29 3:26 p.m.2 views

CVE-2025-54384 CKAN stored XSS vulnerability in Markdown description fields

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, the helpers.markdownextract function did not perform sufficient sanitization of input data before wrapping in an HTML literal element. This helper is used to render user-provided...

6.3CVSS5.8AI score0.00204EPSS
Exploits0References2
Rows per page
Query Builder