132 matches found

Vulnrichment
added 2025/03/20 10:10 a.m. · 8 views

CVE-2024-8952 SSRF in composiohq/composio

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system...

CVSS 6.8 · AI score 6.5 · EPSS 0.00671
Exploits: 1 · References: 1

CVE
added 2025/03/20 10:9 a.m. · 47 views

CVE-2024-8955

Affected product: composiohq/composio v0.4.4. Vulnerability type: Server-Side Request Forgery (SSRF) via BROWSERTOOL_GOTO_PAGE and BROWSERTOOL_GET_PAGE_DETAILS actions. Root cause / impact: insufficient validation/handling of user-supplied URLs enables an attacker to read files from the system; i...

CVSS 7.5 · AI score 6.5 · EPSS 0.00679
Exploits: 1 · References: 1 · Affected Software: 1

Tenable Nessus
added 2025/03/03 12:0 a.m. · 10 views

Linux Distros Unpatched Vulnerability : CVE-2010-2239

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read...

CVSS 4.4 · AI score 7.4 · EPSS 0.00325
Exploits: 0 · References: 2

CVE
added 2025/02/11 3:21 p.m. · 59 views

CVE-2024-12058

CVE-2024-12058 affects Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS). The issue arises from external control of a file name in the admin portal, allowing a remote authenticated attacker with admin privileges to read arbitrary files. Impact is limited to reading sensitive data from th...

CVSS 6.8 · AI score 6.4 · EPSS 0.00902
Exploits: 0 · References: 1 · Affected Software: 2

RedhatCVE
added 2025/02/05 5:35 a.m. · 6 views

CVE-2024-1558

A path traversal vulnerability exists in the _create_model_version function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...

CVSS 7.5 · AI score 7.3 · EPSS 0.00859
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/05 1:7 a.m. · 11 views

CVE-2024-28247

The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs...

CVSS 7.6 · AI score 6.3 · EPSS 0.01414
Exploits: 2 · References: 1

OSV
added 2025/02/04 7:22 a.m. · 6 views

BIT-MLFLOW-2024-1558 Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in the _create_model_version function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...

CVSS 7.5 · AI score 7.3 · EPSS 0.00859
Exploits: 1 · References: 2

Vulnrichment
added 2025/01/07 4:53 p.m. · 4 views

CVE-2024-12429

An attacker who successfully exploited these vulnerabilities could grant read access to files. A vulnerability exists in the AC500 V3 version mentioned. A successfully authenticated attacker can use this vulnerability to read system-wide files and configuration. All AC500 V3 products PM5xxx with...

CVSS 5.1 · AI score 6.4 · EPSS 0.00346
Exploits: 3 · References: 1

CNNVD
added 2024/11/08 12:0 a.m. · 6 views

changedetection.io Path Traversal Vulnerability

changedetection.io is a website change detection, monitoring, and notification application from the individual developers at dgtlmoon. A path traversal vulnerability exists in changedetection.io prior to version 0.47.06, which stems from inadequate validation of the file URI scheme. An attacker...

CVSS 8.6 · AI score 6.3 · EPSS 0.00697
Exploits: 0 · References: 3

CNNVD
added 2024/10/09 12:0 a.m. · 5 views

Palo Alto Networks Expedition Security Vulnerability

Palo Alto Networks Expedition is a tool from Palo Alto Networks, Inc. that helps with configuration migration, tuning, and enrichment. A security vulnerability exists in Palo Alto Networks Expedition. An attacker could create and read arbitrary files by exploiting the vulnerability...

CVSS 9.2 · AI score 9.5 · EPSS 0.99597
Exploits: 3 · References: 2

Positive Technologies
added 2024/08/13 12:0 a.m. · 2 views

PT-2024-5999 · Adobe · Commerce +1

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p1 through 2.4.4-p9 and earlier; Magento Open Source versions 2.4.7-p1 through 2.4.4-p9 and earlier. Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known a...

CVSS 6.8 · AI score 7.5 · EPSS 0.00872
Exploits: 0 · References: 12

Veracode
added 2024/04/18 6:29 a.m. · 14 views

Path Traversal

mlflow/mlflow is vulnerable to a Path Traversal. The vulnerability is due to improper validation of the source parameter within handlers.py, allowing attackers to craft a parameter that bypasses checks, leading to arbitrary file read access on the server...

CVSS 7.5 · AI score 6.7 · EPSS 0.00859
Exploits: 1 · References: 1 · Affected Software: 1

OSV
added 2024/04/16 12:30 a.m. · 26 views

GHSA-G9CJ-CFPP-4G2X gradio vulnerable to Path Traversal

An issue was discovered in gradio-app/gradio, where the /component_server endpoint improperly allows the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the move_resource_to_block_cache method of the Block class, an attacker can copy any fi...

CVSS 7.5 · AI score 7.2 · EPSS 0.09239
Exploits: 4 · References: 5

Github Security Blog
added 2024/04/16 12:30 a.m. · 19 views

mlflow vulnerable to Path Traversal

A path traversal vulnerability exists in the _create_model_version function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...

CVSS 7.5 · AI score 6.7 · EPSS 0.00859
Exploits: 1 · References: 3 · Affected Software: 1

NVD
added 2024/04/16 12:15 a.m. · 20 views

CVE-2024-1558

A path traversal vulnerability exists in the _create_model_version function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...

CVSS 7.5 · AI score 7.4 · EPSS 0.00859
Exploits: 1 · References: 1

CVE
added 2024/04/16 12:0 a.m. · 134 views

CVE-2024-1561

Gradio 4.3–4.12 contains a local file read vulnerability by abusing the /component_server endpoint to invoke methods on a Component (via move_resource_to_block_cache), enabling an attacker to copy and read files on the host. Impact includes potential exposure of secrets (API keys, env vars) espec...

CVSS 7.5 · AI score 6 · EPSS 0.09239
In wild · Exploits: 4 · References: 3 · Affected Software: 1

Vulnrichment
added 2024/04/16 12:0 a.m. · 12 views

CVE-2024-1558 Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in the _create_model_version function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...

CVSS 7.5 · AI score 6.7 · EPSS 0.00859
Exploits: 1 · References: 1

CVE
added 2024/04/16 12:0 a.m. · 81 views

CVE-2024-1558

CVE-2024-1558 (mlflow/mlflow) describes a path traversal vulnerability in the function _create_model_version() in server/handlers.py due to improper validation of the source parameter. Attackers can bypass the check in _validate_non_local_source_contains_relative_paths(source) and gain arbitrary ...

CVSS 7.5 · AI score 6.5 · EPSS 0.00859
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2023/12/25 12:0 a.m. · 3 views

Nokia NFM-T Security Vulnerability

Nokia NFM-T is a transport network function manager from Nokia of Finland. A security vulnerability exists in Nokia NFM-T version R19.9, which originates from an absolute path traversal vulnerability that could allow an authenticated, remote attacker to read arbitrary files...

CVSS 6.5 · AI score 6.7 · EPSS 0.008
Exploits: 1 · References: 2

CNNVD
added 2023/10/16 12:0 a.m. · 5 views

South River Technologies Titan MFT and Titan SFTP Path Traversal Vulnerabilities

South River Technologies Titan MFT and South River Technologies Titan SFTP are both products of South River Technologies. South River Technologies Titan MFT is a popular file transfer solution for managing and encrypting file transfers. South River Technologies Titan SFTP is a solution for A securi...

CVSS 9.1 · AI score 6.8 · EPSS 0.01481
Exploits: 3 · References: 3