Lucene search
K

16 matches found

Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-45053

Summary The fix for GHSA-9mqq-jqxf-grvw / CVE-2026-44336 is incomplete. The original advisory description named four vulnerable handlers in mcp server/adapters/cli tools.py: "registers four file-handling tools by default, praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and...

9.6CVSS6AI score0.00619EPSS
Exploits1References3
Snyk
Snyk
added 2025/03/20 10:52 a.m.2 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere in the ImagePromptTemplate in image.py, which can be instantiated with input variables...

8.7CVSS6.7AI score0.00366EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/17 12:0 a.m.4 views

Vite 访问控制错误漏洞

Vite is a new front-end builder tool from the Vite open source. Vite suffers from an access control error vulnerability that stems from the fact that the contents of any file can be returned to the browser...

4.8CVSS5AI score0.0103EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/07/26 12:0 a.m.3 views

Severalnines Cluster Control 安全漏洞

Severalnines Cluster Control is agentless management and automation software for database clusters from Severalnines. Severalnines Cluster Control versions 1.9.8 prior to 1.9.8-9778, 2.0.0 prior to 2.0.0-9779, and 2.1.0 prior to 2.1.0-9780 have a security vulnerability that originates from the...

7.5CVSS9AI score0.06464EPSS
Exploits1References5
OSV
OSV
added 2023/08/29 11:34 p.m.35 views

GHSA-64X5-55RW-9974 cross-site inclusion (XSSI) of files in jupyter-server

Impact Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". Patches Jupyter Server 2.7.2 Workarounds Use lower performance...

4.6CVSS5.3AI score0.00542EPSS
Exploits0References7
OSV
OSV
added 2023/08/28 8:1 p.m.25 views

CVE-2023-40170 cross-site inclusion (XSSI) of files in jupyter-server

jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit 87a49272728 which h...

4.6CVSS5.6AI score0.00542EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/06/14 12:0 a.m.4 views

PT-2023-25166 · Jenkins · Jenkins Aws Codecommit Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins AWS CodeCommit Trigger Plugin versions 3.0.12 and earlier Description: The issue allows attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system due to the lack of restriction...

6.5CVSS6.7AI score0.0063EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.3 views

SUSE CVE-2021-33203

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...

4.9CVSS7.8AI score0.02737EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/12/13 12:0 a.m.3 views

GitLab 信息泄露漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab that stems from a program that trigge...

7.5CVSS7.3AI score0.00794EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/11/16 3:43 p.m.9 views

django: Potential directory traversal via ``admindocs``

A flaw was found in django. Staff members could use the :mod:django.contrib.admindocs TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been customized by the developers to also expose the file contents, then not...

4.9CVSS7.2AI score0.02737EPSS
Exploits0References5
OSV
OSV
added 2021/06/10 5:21 p.m.2 views

GHSA-68W8-QJQ3-2GFM Path Traversal in Django

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...

6.9CVSS6.8AI score0.02737EPSS
Exploits0References12
PyPA
PyPA
added 2021/06/08 6:15 p.m.6 views

PYSEC-2021-98

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...

4.9CVSS7AI score0.02737EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/06/02 9:0 a.m.1 views

UBUNTU-CVE-2021-33203

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...

4.9CVSS6.8AI score0.02737EPSS
Exploits0References5
CNVD
CNVD
added 2018/06/07 12:0 a.m.2 views

Dell EMC RecoverPoint boxmgmt CLI Arbitrary File Read Vulnerability

The Dell EMC RecoverPoint Dell EMC RecoverPoint product provides continuous data protection for operational recovery and disaster recovery, which supports any-point-in-time recovery of diverse storage environments within and between data centers. An arbitrary file read vulnerability exists in the...

6.8AI score
Exploits0References1
OSV
OSV
added 2017/06/07 5:29 p.m.5 views

CVE-2017-1125

IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340...

3.3CVSS7.3AI score0.00347EPSS
Exploits0References3
OSV
OSV
added 2014/11/11 7:15 p.m.6 views

USN-2405-1 cinder vulnerabilities

Duncan Thomas discovered that OpenStack Cinder did not properly track the file format when using the GlusterFS of Smbfs drivers. A remote authenticated user could exploit this to potentially obtain file contents from the compute host. CVE-2014-3641 Amrith Kumar discovered that OpenStack Cinder di...

4CVSS5.8AI score0.0186EPSS
Exploits0References3
Rows per page
Query Builder