778 matches found

NVD
added 2025/05/30 1:15 p.m. | 9 views

CVE-2025-40909

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any...

CVSS 5.9 | EPSS 0.00368
Exploits 0 | References 18

CNNVD
added 2025/05/30 12:00 a.m. | 4 views

Perl Security Vulnerability

Perl is a general-purpose, interpreted, dynamic cross-platform programming language from the Perl community. A security vulnerability exists in Perl that stems from a working directory race condition in threads that could cause file operations to target unexpected paths...

CVSS 5.9 | AI score 6.6 | EPSS 0.00368
Exploits 0 | References 13

RedhatCVE
added 2025/05/23 5:56 a.m. | 4 views

CVE-2023-4637

The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full...

CVSS 5.3 | AI score 6 | EPSS 0.00615
Exploits 0 | References 1

Veracode
added 2025/05/23 4:26 a.m. | 6 views

Predictable Resource Location

nitsan/ns-backup is vulnerable to Predictable Resource Location. The vulnerability is due to the use of predictable or guessable file paths for stored backup files without proper access controls, allowing attackers to locate and download sensitive backup files by simply guessing the URL or file nam...

CVSS 8.6 | AI score 6.4 | EPSS 0.00301
Exploits 0 | References 5 | Affected Software 1

RedhatCVE
added 2025/05/22 10:14 p.m. | 7 views

CVE-2022-36914

Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVSS 4.3 | AI score 6.6 | EPSS 0.00561
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 8:42 p.m. | 3 views

CVE-2021-39223

Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. For example, an attacker could see that the file...

CVSS 5.3 | AI score 6 | EPSS 0.01021
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 8:00 p.m. | 5 views

CVE-2021-36991

There is an unauthorized file access vulnerability in Huawei Smartphone due to unstandardized path input. Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access...

CVSS 7.5 | AI score 6.8 | EPSS 0.00672
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 3:34 p.m. | 5 views

CVE-2020-36560

Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

CVSS 9.1 | AI score 6.8 | EPSS 0.01249
Exploits 1

RedhatCVE
added 2025/05/22 10:24 a.m. | 5 views

CVE-2019-10667

An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths...

CVSS 5.3 | AI score 6.7 | EPSS 0.01219
Exploits 1 | References 1

Cvelist
added 2025/05/16 1:25 p.m. | 22 views

CVE-2025-4211 Improper Link Resolution Before File Access in QFileSystemEngine on Windows

Improper Link Resolution Before File Access 'Link Following' vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulnerability arises from the use of the GetTempPa...

CVSS 7.3 | EPSS 0.0017
Exploits 0 | References 1

QT
added 2025/05/16 12:00 a.m. | 21 views

Security advisory: Improper Link Resolution Before File Access in QFileSystemEngine in the Qt corelib module on Windows impacts Qt

Improper Link Resolution Before File Access 'Link Following' vulnerability in QFileSystemEngine in the Qt corelib module on Windows potentially allows Symlink Attacks and the use of Malicious Files. This vulnerability has been discovered and assigned the CVE ID CVE-2025-4211. The issue originates...

CVSS 7.3 | AI score 7.6 | EPSS 0.01292
Exploits 0

Veracode
added 2025/05/14 5:47 a.m. | 9 views

Arbitrary File Write

Ironic is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient validation of user-supplied file paths during image deployment via the API, allowing attackers to write unintended files to the target node disk...

CVSS 2.8 | AI score 6.7 | EPSS 0.00149
Exploits 0 | References 7 | Affected Software 1

BDU FSTEC
added 2025/05/14 12:00 a.m. | 4 views

The vulnerability of Microsoft Visual Studio, the Microsoft .NET platform, and the Build Tools for Visual Studio toolset lies in improper external control of file names or files, allowing attackers to perform spoofing attacks.

The vulnerability of Microsoft Visual Studio, the Microsoft .NET platform, and the Build Tools for Visual Studio toolset is related to improper external name handling or file path manipulation. Exploitation of this vulnerability can allow a malicious actor to perform spear-phishing attacks by...

CVSS 9 | AI score 7.4 | EPSS 0.011
Exploits 0 | References 3 | Affected Software 4

Snyk
added 2025/05/08 6:30 p.m. | 3 views

Directory Traversal

Overview: ironic is an OpenStack Bare Metal Provisioning. Affected versions of this package are vulnerable to Directory Traversal via the handling of file:// image URLs during the deployment process. An attacker can write, list, view, edit, create, or delete unintended files to a target node disk b...

CVSS 5.7 | AI score 7.4 | EPSS 0.00149
Exploits 0 | References 3

CNNVD
added 2025/05/05 12:00 a.m. | 4 views

WordPress plugin Envolve Plugin Path Traversal Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...

CVSS 5.3 | AI score 6.4 | EPSS 0.00351
Exploits 0 | References 3

NVD
added 2025/04/22 6:16 p.m. | 10 views

CVE-2025-32960

The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...

CVSS 6.4 | EPSS 0.00262
Exploits 0 | References 5

CNNVD
added 2025/04/21 12:00 a.m. | 4 views

QiANXIN Tianqing Endpoint Security Management System Security Vulnerability

QiANXIN Tianqing Endpoint Security Management System is a product of QiANXIN, China. A security vulnerability exists in QiANXIN Tianqing Endpoint Security Management System version v10.0, which...

CVSS 8.8 | AI score 6.8 | EPSS 0.00466
Exploits 1 | References 2

RedhatCVE
added 2025/04/05 10:39 p.m. | 13 views

CVE-2025-0278

HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests...

CVSS 4.3 | AI score 7 | EPSS 0.00256
Exploits 0 | References 3

OSV
added 2025/04/03 10:15 p.m. | 3 views

CVE-2025-0278

HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests...

CVSS 4.3 | AI score 5.8 | EPSS 0.00256
Exploits 0 | References 1

CNNVD
added 2025/04/03 12:00 a.m. | 16 views

HCL Traveler Security Vulnerability

HCL Traveler is software from HCL India. It is used to provide automatic, bi-directional, wireless synchronization between HCL Domino servers and wireless handheld devices. A security vulnerability exists in HCL Traveler that originates from a Windows application accidentally disclosing interna...

CVSS 4.3 | AI score 6.7 | EPSS 0.00256
Exploits 0 | References 1