Lucene search
K

779 matches found

RedhatCVE
RedhatCVE
added 2024/10/01 4:9 p.m.16 views

CVE-2024-9341

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...

5.4CVSS5.2AI score0.0099EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2024/09/25 1:15 a.m.7 views

CVE-2024-9142

External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls. This issue affects e-Belediye: before 2.0.642...

9.8CVSS5.8AI score0.0041EPSS
Exploits0References3
Veracode
Veracode
added 2024/09/20 6:18 a.m.11 views

Directory Traversal

contao/core-bundle is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation or restriction of file paths in the FileSelector widget, allowing authenticated users to access directories outside the intended document root...

4.3CVSS6.4AI score0.00427EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/09/13 12:0 a.m.4 views

The vulnerability of Nomad application orchestrators, related to improper external control of the file name or path during data loading, allows attackers to create archives that unpack files according to paths outside the expected distribution directory.

The vulnerability of Nomad application orchestrators is related to incorrect external management of filenames or file paths during data loading. Exploiting this vulnerability allows an attacker to create a archive that unpacks files using paths outside the expected distribution directory...

5.8CVSS5.4AI score0.00333EPSS
Exploits0References3Affected Software2
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.242 views

Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Outlook Web App OWA / Client Access Server CAS IIS HTTP Internal IP Disclosure', 'Description' = %q This module tests vulnerable IIS HTTP header...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.226 views

Apache Flink JobManager Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Flink JobManager Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in Apache Flink...

9.1CVSS7.4AI score0.97856EPSS
Exploits14
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.199 views

MS14-052 Microsoft Internet Explorer XMLDOM Filename Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MS14-052 Microsoft Internet Explorer XMLDOM Filename Disclosure", 'Description' = %q This module will use the Microsoft XMLDOM object to enumerat...

6.5CVSS7AI score0.58023EPSS
Exploits3
OSV
OSV
added 2024/08/28 4:15 a.m.4 views

CVE-2024-6448

The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 7.7.0. This is due to the error reporting being enabled by default in multiple plugin files. This makes it possible for unauthenticated attackers to obtain the full...

5.3CVSS5.7AI score0.00456EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/08/27 12:0 a.m.8 views

Hitachi Energy MicroSCADA X SYS600 参数注入漏洞

Hitachi Energy MicroSCADA X SYS600 is a SCADA product from Hitachi, Japan. It ensures optimal control and reliable operation of your switching station through seamless integration and connectivity between different devices and systems. The Hitachi Energy MicroSCADA X SYS600 suffers from a paramet...

9.9CVSS9AI score0.00611EPSS
Exploits0References2
Veracode
Veracode
added 2024/08/26 6:45 a.m.12 views

Arbitrary File Leakage

Mage AI is vulnerable to Arbitrary File Leakage. The vulnerability is due to improper validation and handling of file paths in the "File Content" request, which allows unauthorized users to access files outside of their intended scope...

6.5CVSS7AI score0.00881EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2024/08/26 6:45 a.m.13 views

Path Traversal

Mage AI is vulnerable to Path Traversal. The vulnerability is due to improper handling of file paths in the "Pipeline Interaction" request, which allows an attacker to leak arbitrary files from the Mage server...

6.5CVSS7AI score0.00859EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2024/08/13 3:43 a.m.14 views

Path Traversal

Filament Excel is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the export download route '/filament-excel/path', allowing the use of ../ to navigate directories and access unauthorized files...

7.5CVSS6.7AI score0.0057EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/08/01 7:15 a.m.3 views

CVE-2024-5330

The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the breakdancecssfilepathscache parameter in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6.1AI score0.00248EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/07/31 10:23 a.m.5 views

httpd: Improper escaping of output in mod_rewrite

A flaw was found in the modrewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...

9.1CVSS7.4AI score0.99957EPSS
Exploits1References6
Veracode
Veracode
added 2024/07/10 9:10 a.m.13 views

Improper Verification Of Cryptographic Signature

electron-updater is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is caused due to improper handling and comparison of file paths, allowing an attacker to bypass signature verification by exploiting environment variable expansion and tricking the application in...

7.5CVSS6.7AI score0.00336EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/27 9:32 p.m.16 views

lollms vulnerable to dot-dot-slash path traversal in XTTS server

A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in...

7.3CVSS6.9AI score0.0052EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/06/27 7:15 p.m.25 views

CVE-2024-6139

A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in...

7.3CVSS0.0052EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/27 6:45 p.m.10 views

CVE-2024-6139 Path Traversal in parisneo/lollms

A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in...

7.3CVSS6.9AI score0.0052EPSS
Exploits0References1
CVE
CVE
added 2024/06/27 6:45 p.m.44 views

CVE-2024-6139

CVE-2024-6139 affects the XTTS server in parisneo/lollms v9.6. The issue stems from improper validation of user-provided file paths in the tts_to_file endpoint, enabling path traversal that allows writing audio files to arbitrary locations and enumerating file paths. The CVSSv3 base score is 7.3 ...

7.3CVSS7.2AI score0.0052EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/27 6:45 p.m.26 views

CVE-2024-6139 Path Traversal in parisneo/lollms

A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in...

7.3CVSS0.0052EPSS
Exploits0References1
Rows per page
Query Builder