
779 matches found

Positive Technologies
added 2025/01/01 12:0 a.m. | 5 views

PT-2025-49298

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop versions prior to 3.16.5. Description: Nextcloud Desktop is a desktop sync client for Nextcloud. Before version 3.16.5, the file path was transmitted unencrypted when attempting to manually lock a file within an end-to-end...

CVSS 2.7 | AI score 6.4 | EPSS 0.00242
Exploits: 0 | References: 16
OSV
added 2024/12/20 7:48 p.m. | 9 views

CVE-2024-56331 Local File Inclusion (LFI) via Improper URL Handling in uptime-kuma's `Real-Browser` monitor

Uptime Kuma is an open source, self-hosted monitoring tool. An Improper URL Handling Vulnerability allows an attacker to access sensitive local files on the server by exploiting the file:/// protocol. This vulnerability is triggered via the "real-browser" request type, which takes a screenshot of...

CVSS 6.8 | AI score 6.4 | EPSS 0.01793
Exploits: 0 | References: 4
Veracode
added 2024/12/18 6:59 a.m. | 9 views

Directory Traversal

pythonlibarchive is vulnerable to Directory Traversal. The vulnerability is due to insufficient sanitization of file paths during the extraction process, which fails to properly handle or restrict the traversal of directory paths, allowing attackers to use special characters such as ../ to escape...

CVSS 8.8 | AI score 6.7 | EPSS 0.02001
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2024/12/16 1:55 p.m. | 11 views

BIT-NODE-MIN-2024-21890

The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: `--allow-fs-read=/home/node/.ssh/*.pub` will ignore `pub` and give access to everything after `.ssh/`. This misleading documentation affects all users...

CVSS 6.5 | AI score 6.9 | EPSS 0.00945
Exploits: 0 | References: 6
Veracode
added 2024/12/13 1:25 p.m. | 8 views

File Manipulation

drupal/core is vulnerable to File Manipulation. The vulnerability is due to insufficient validation and sanitization of user-provided file paths, which can lead to unauthorized file access or manipulation...

CVSS 5.9 | AI score 6.6 | EPSS 0.00375
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2024/12/04 12:0 a.m. | 6 views

The vulnerability of the Keycloak identity and access management software lies in improper external control of the file name or path, allowing unauthorized users to gain unauthorized access to protected information.

The vulnerability of the Keycloak identity and access management software is related to improper external control of the file name or path, resulting from incorrect validation of regular expressions. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthoriz...

CVSS 4 | AI score 5.5 | EPSS 0.00727
Exploits: 0 | References: 10 | Affected Software: 2
Veracode
added 2024/11/20 3:35 a.m. | 9 views

Improper File URI Scheme Validation

changedetection.io is vulnerable to improper file URI scheme validation. The vulnerability is due to a logic flaw in the `is_safe_url` function, which improperly allows the `file:` scheme and insufficiently restricts access to local file paths when `ALLOW_FILE_URI` is set to false or undefined...

CVSS 8.6 | AI score 6.4 | EPSS 0.00697
Exploits: 0 | References: 5 | Affected Software: 1
Veracode
added 2024/11/14 8:58 a.m. | 19 views

Directory Traversal

github.com/ollama/ollama is vulnerable to Directory Traversal. The vulnerability is due to path traversal in the api/push route, allowing attackers to confirm which files exist on the server...

CVSS 7.5 | AI score 6.8 | EPSS 0.03938
Exploits: 2 | References: 2 | Affected Software: 1
Veracode
added 2024/11/13 5:36 a.m. | 7 views

Arbitrary File Deletion

github.com/plentico/plenti is vulnerable to Arbitrary File Deletion. The vulnerability is due to insufficient input validation and lack of proper access controls on the /postLocal endpoint, allowing an attacker to manipulate file paths and trigger arbitrary file deletion when the Plenti user serv...

CVSS 8.7 | AI score 6.7 | EPSS 0.00773
Exploits: 1 | References: 5 | Affected Software: 1
Redos
added 2024/10/29 12:0 a.m. | 3 views

ROS-20241029-13

A vulnerability in the containers-common library of the Golang programming language is related to incorrect handling of certain file paths due to incorrect validation. Exploitation of the vulnerability could allow an attacker acting remotely to use...

CVSS 8.2 | AI score 7.1 | EPSS 0.0099
Exploits: 0
Redos
added 2024/10/29 12:0 a.m. | 15 views

ROS-20241029-04

A vulnerability in the containers-common library of the Golang programming language is related to incorrect handling of certain file paths due to incorrect validation. Exploitation of the vulnerability could allow an attacker acting remotely to explo...

CVSS 8.2 | AI score 7.1 | EPSS 0.0099
Exploits: 0
CVE
added 2024/10/10 9:52 p.m. | 76 views

CVE-2024-47164

Gradio has a directory traversal bypass in the `is_in_or_equal` function (CVE-2024-47164). The vulnerability allows crafted paths using `..` sequences to bypass directory checks and potentially access restricted files, especially where blocklist or directory access validation is used during file uplo...

CVSS 6.5 | AI score 6.7 | EPSS 0.00687
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2024/10/10 9:27 p.m. | 10 views

GHSA-77XQ-6G77-H274 Gradio's `is_in_or_equal` function may be bypassed

Impact: What kind of vulnerability is it? Who is impacted? This vulnerability relates to the bypass of directory traversal checks within the `is_in_or_equal` function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that manipulate file...

CVSS 6.9 | AI score 6.6 | EPSS 0.00687
Exploits: 0 | References: 5
CNNVD
added 2024/10/10 12:0 a.m. | 2 views

Gradio Path Traversal Vulnerability

Gradio is an open source Python library from Hugging Face for demonstrating machine learning models through a friendly web interface. Gradio suffers from a path traversal vulnerability that stems from an attacker's ability to access and disclose the source code of a custom...

CVSS 5.3 | AI score 6.6 | EPSS 0.00421
Exploits: 0 | References: 2
Github Security Blog
added 2024/10/01 9:31 p.m. | 18 views

Link Following in github.com/containers/common

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...

CVSS 8.2 | AI score 6.5 | EPSS 0.0099
Exploits: 0 | References: 20 | Affected Software: 1
NVD
added 2024/10/01 7:15 p.m. | 18 views

CVE-2024-9341

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...

CVSS 8.2 | EPSS 0.0099
Exploits: 0 | References: 17
OSV
added 2024/10/01 7:15 p.m. | 17 views

CVE-2024-9341

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...

CVSS 8.2 | AI score 6.4 | EPSS 0.0099
Exploits: 0 | References: 17
Debian CVE
added 2024/10/01 6:52 p.m. | 16 views

CVE-2024-9341

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...

CVSS 8.2 | AI score 6.5 | EPSS 0.0099
Exploits: 0
AlpineLinux
added 2024/10/01 6:52 p.m. | 14 views

CVE-2024-9341

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...

CVSS 8.2 | AI score 6.6 | EPSS 0.0099
Exploits: 0
CVE
added 2024/10/01 6:52 p.m. | 346 views

CVE-2024-9341

CVE-2024-9341 is a vulnerability in the containers/common Go library that can occur when FIPS mode is enabled, enabling symbolic-link-based mounting to trick the host into mounting sensitive host directories inside a container and potentially accessing host files. Related advisories indicate affe...

CVSS 8.2 | AI score 5.4 | EPSS 0.0099
Exploits: 0 | References: 17 | Affected Software: 1