778 matches found

CVE
added 2025/07/09 3:39 p.m. | 29 views

CVE-2025-53651

CVE-2025-53651 affects the Jenkins HTML Publisher Plugin, 425 and earlier. The issue arises because log messages include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller filesystem in build logs. The Connected ...

CVSS 6.3 | AI score 6.2 | EPSS 0.00413
Exploits 0 | References 2 | Affected Software 1
CVE
added 2025/07/08 10:34 a.m. | 26 views

CVE-2025-40738

Siemens SINEC NMS before v4.0 is affected by a path traversal vulnerability due to improper ZIP file path validation when extracting uploaded ZIPs. The issue allows writing arbitrary files to restricted locations and could enable elevated-privilege code execution (ZDI-CAN-26572). Evidence across ...

CVSS 8.8 | AI score 7.5 | EPSS 0.07166
Exploits 0 | References 1 | Affected Software 1
OSV
added 2025/06/28 5:56 p.m. | 5 views

CLSA-2025-1751133361 open-vm-tools: Fix of CVE-2025-22247

CVE-2025-22247: prevent usage of illegal characters in user names and file paths...

CVSS 6.1 | AI score 6.5 | EPSS 0.00249
Exploits 0 | References 1
BDU FSTEC
added 2025/06/25 12:00 a.m. | 6 views

The vulnerability of Microprogrammed Software in Modicon Controllers arises from improper external control of the name or file path during data loading, allowing attackers to compromise the confidentiality of protected information.

The vulnerability of Microprogrammed Software in Modicon Controllers arises from incorrect external control via name or file during data loading. Exploiting this vulnerability allows an attacker to compromise the confidentiality of protected information...

CVSS 7.8 | AI score 5.4 | EPSS 0.00345
Exploits 0 | References 3 | Affected Software 2
Vulnrichment
added 2025/06/21 12:09 a.m. | 7 views

CVE-2025-6218 RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability

RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...

CVSS 7.8 | AI score 8 | EPSS 0.86192
Exploits 8 | References 2
RedHat Linux
added 2025/06/17 11:30 a.m. | 4 views

kea: Insecure handling of file paths allows multiple local attacks

A vulnerability was found in the Kea package. If an attacker has access to a local user account and the Kea API entry points are not secured, the attacker may use the API to modify Kea's configuration files or overwrite any system file to which the user running Kea has write access. This may be...

CVSS 6.1 | AI score 5.7 | EPSS 0.00194
Exploits 0 | References 4
RedhatCVE
added 2025/06/12 9:19 a.m. | 4 views

CVE-2025-3117

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could allow unvalidated data injected by an authenticated malicious user to modify or read data in a victim's browser...

CVSS 5.4 | AI score 5.2 | EPSS 0.00191
Exploits 0 | References 1
Veracode
added 2025/06/11 11:11 a.m. | 6 views

Path Traversal

Erxes is vulnerable to Path Traversal. The vulnerability is due to improper input validation due to insufficient sanitization of file paths in the importHistoriesCreate GraphQL mutation handler, allowing authenticated attackers to write to arbitrary files...

CVSS 5.4 | AI score 7 | EPSS 0.0034
Exploits 1 | References 4 | Affected Software 1
Cvelist
added 2025/06/10 8:43 a.m. | 10 views

CVE-2025-3117

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could allow unvalidated data injected by an authenticated malicious user to modify or read data in a victim's browser...

CVSS 5.4 | EPSS 0.00191
Exploits 0 | References 1
CVE
added 2025/06/10 8:43 a.m. | 46 views

CVE-2025-3117

CVE-2025-3117 affects Schneider Electric Modicon Controllers (M241/M251/M258/LMC058/M262). The vulnerability is a Cross-Site Scripting (CWE-79) caused by improper neutralization of input during web page generation, allowing an authenticated malicious user to inject unvalidated data that could mod...

CVSS 5.4 | AI score 7 | EPSS 0.00191
Exploits 0 | References 1
Vulnrichment
added 2025/06/10 8:43 a.m. | 2 views

CVE-2025-3117

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could allow unvalidated data injected by an authenticated malicious user to modify or read data in a victim's browser...

CVSS 5.4 | AI score 6.6 | EPSS 0.00191
Exploits 0 | References 1
RedhatCVE
added 2025/06/08 10:05 a.m. | 16 views

CVE-2025-48781

An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain partial files by specifying arbitrary file paths...

CVSS 8.7 | AI score 6.7 | EPSS 0.0038
Exploits 0 | References 1
RedhatCVE
added 2025/06/08 10:05 a.m. | 12 views

CVE-2025-48783

An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths...

CVSS 8.8 | AI score 6.7 | EPSS 0.0033
Exploits 0 | References 1
NVD
added 2025/06/06 10:15 a.m. | 20 views

CVE-2025-48783

An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths...

CVSS 8.8 | EPSS 0.0033
Exploits 0 | References 1
Vulnrichment
added 2025/06/06 9:27 a.m. | 9 views

CVE-2025-48783 Soar Cloud HRD Human Resource Management System - External Control of File Name or Path

An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths...

CVSS 8.8 | AI score 7.3 | EPSS 0.0033
Exploits 0 | References 1
CNNVD
added 2025/06/06 12:00 a.m. | 3 views

Soar Cloud System Soar Cloud HRD Human Resource Management System Security Vulnerability

Soar Cloud System Soar Cloud HRD Human Resource Management System is a human resource management system from Soar Cloud System, Inc. of Taiwan, China. A security vulnerability exists in Soar Cloud System Soar Cloud HRD Human Resource Management System version 7.3.2025.0408 and prior versions, whi...

CVSS 8.7 | AI score 6.5 | EPSS 0.0038
Exploits 0 | References 1
SUSE CVE
added 2025/06/03 2:39 a.m. | 4 views

SUSE CVE-2025-48938

go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URL...

CVSS 9.8 | AI score 6.9 | EPSS 0.00429
Exploits 0 | References 3
Veracode
added 2025/06/03 2:32 a.m. | 11 views

Arbitrary File Copy

gradio is vulnerable to an Arbitrary File Copy. The vulnerability is due to insufficient validation and access control in the flagging feature, which allows unauthenticated users to specify arbitrary file paths for copying without proper restrictions...

CVSS 7.5 | AI score 6.9 | EPSS 0.0061
Exploits 1 | References 3 | Affected Software 1
OSV
added 2025/05/30 6:45 p.m. | 6 views

CVE-2025-48938 Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server

go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URL...

CVSS 6.5 | AI score 6.5 | EPSS 0.00429
Exploits 0 | References 5
Github Security Blog
added 2025/05/30 3:30 p.m. | 14 views

Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server

Summary A security vulnerability has been identified in go-gh where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URLs provided by GitHub with local file paths for browsing. Details The GitHub CLI and CLI...

CVSS 9.8 | AI score 7.6 | EPSS 0.00429
Exploits 0 | References 4 | Affected Software 1