778 matches found

Veracode
added 2025/11/24 6:58 a.m. | 5 views

Improper Input Validation

auth0/wordpress is vulnerable to Improper Input Validation. The vulnerability is due to the Bulk User Import endpoint not validating the file path wrapper or value, which allows an attacker to supply arbitrary file paths or URLs to manipulate file handling behavior...

CVSS: 3.3 | AI score: 7.1 | EPSS: 0.00329
Exploits: 0 | References: 8 | Affected Software: 2
Vulnrichment
added 2025/11/24 12:0 a.m. | 3 views

CVE-2025-63958

MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint /MILLENSYS/settings that is accessible without authentication. This page leaks plaintext database credentials, file share paths, internal license server configuration, and software update parameters. An...

AI score: 6.4 | EPSS: 0.00491
Exploits: 1 | References: 2
EUVD
added 2025/11/17 6:30 p.m. | 5 views

EUVD-2025-197812

MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary system commands with the privileges of the user...

CVSS: 8.1 | AI score: 7.7 | EPSS: 0.01446
Exploits: 1 | References: 4
NVD
added 2025/11/17 4:15 p.m. | 3 views

CVE-2025-63916

MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary system commands with the privileges of the user...

CVSS: 8.1 | EPSS: 0.01446
Exploits: 1 | References: 3
Vulnrichment
added 2025/11/17 12:0 a.m. | 2 views

CVE-2025-63916

MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary system commands with the privileges of the user...

AI score: 7.8 | EPSS: 0.01446
Exploits: 1 | References: 3
Cvelist
added 2025/11/17 12:0 a.m. | 8 views

CVE-2025-63916

MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary system commands with the privileges of the user...

EPSS: 0.01446
Exploits: 1 | References: 3
Positive Technologies
added 2025/11/17 12:0 a.m. | 4 views

PT-2025-47159

Name of the Vulnerable Software and Affected Versions: MyScreenTools version 2.2.1.0. Description: The software contains a critical OS command injection issue in the GIF compression tool. The application does not properly sanitize user-supplied file paths before passing them to cmd.exe, which allows...

CVSS: 8.1 | AI score: 8 | EPSS: 0.01446
Exploits: 1 | References: 6
EUVD
added 2025/11/13 3:30 p.m. | 5 views

EUVD-2025-175325

External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.00291
Exploits: 0 | References: 2
NVD
added 2025/11/13 1:15 p.m. | 4 views

CVE-2025-12763

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input...

CVSS: 8.8 | EPSS: 0.00737
Exploits: 0 | References: 1
CNNVD
added 2025/11/13 12:0 a.m. | 4 views

Zoom Clients Security Vulnerability

Zoom Clients is a video conferencing application from Zoom USA. A security vulnerability exists in Zoom Clients that originates from an external control over file names or paths, which could lead to information disclosure...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.00291
Exploits: 0 | References: 1
CNNVD
added 2025/11/13 12:0 a.m. | 2 views

Zoom Workplace Security Vulnerability

Zoom Workplace is a desktop application from Zoom USA. A security vulnerability exists in Zoom Workplace versions prior to 6.5.10, which originates from an external control over file names or paths and could lead to information disclosure...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.00139
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/05 6:19 a.m. | 5 views

CVE-2025-64151

Multiple Roboticsware products provided by Roboticsware PTE. LTD. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVSS: 8.4 | AI score: 7.5 | EPSS: 0.00138
Exploits: 0 | References: 2
Cvelist
added 2025/11/05 6:0 a.m. | 7 views

CVE-2025-11072 Download Counter Button <= 1.8.6.7 - Unauthenticated Arbitrary File Download

The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow an unauthenticated attacker to read/download arbitrary files...

EPSS: 0.00291
Exploits: 0 | References: 1
CNNVD
added 2025/11/05 12:0 a.m. | 6 views

WordPress plugin MelAbu WP Download Counter Button Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00291
Exploits: 0 | References: 2
EUVD
added 2025/10/30 12:31 a.m. | 4 views

EUVD-2025-36741

Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, serve...

CVSS: 8.7 | AI score: 6.2 | EPSS: 0.00411
Exploits: 0 | References: 2
OSV
added 2025/10/29 10:15 p.m. | 5 views

CVE-2025-54459

Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, serve...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00411
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/29 9:51 p.m. | 3 views

CVE-2025-54459 Vertikal Systems Hospital Manager Backend Services Exposure of Sensitive System Information to an Unauthorized Control Sphere

Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, serve...

CVSS: 8.7 | AI score: 6.3 | EPSS: 0.00411
Exploits: 0 | References: 1
CVE
added 2025/10/29 9:51 p.m. | 13 views

CVE-2025-54459

Vulnerability summary: CVE-2025-54459 affects the Hospital Manager Backend Services (Vertikal Systems), where the ASP.NET tracing endpoint /trace.axd was exposed without authentication before 19 September 2025. This allowed remote attackers to obtain live request traces and sensitive data such as...

CVSS: 8.7 | AI score: 6.3 | EPSS: 0.00411
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2025/10/29 9:30 p.m. | 4 views

EUVD-2025-36707

MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw...

CVSS: 8.1 | AI score: 7.3 | EPSS: 0.27133
Exploits: 0 | References: 3
Snyk
added 2025/10/29 8:43 p.m. | 4 views

Directory Traversal

Overview: mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied paths...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.27133
Exploits: 0 | References: 2