16 matches found
PT-2026-45053
Summary The fix for GHSA-9mqq-jqxf-grvw / CVE-2026-44336 is incomplete. The original advisory description named four vulnerable handlers in mcp server/adapters/cli tools.py: "registers four file-handling tools by default, praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere in the ImagePromptTemplate in image.py, which can be instantiated with input variables...
Vite 访问控制错误漏洞
Vite is a new front-end builder tool from the Vite open source. Vite suffers from an access control error vulnerability that stems from the fact that the contents of any file can be returned to the browser...
Severalnines Cluster Control 安全漏洞
Severalnines Cluster Control is agentless management and automation software for database clusters from Severalnines. Severalnines Cluster Control versions 1.9.8 prior to 1.9.8-9778, 2.0.0 prior to 2.0.0-9779, and 2.1.0 prior to 2.1.0-9780 have a security vulnerability that originates from the...
GHSA-64X5-55RW-9974 cross-site inclusion (XSSI) of files in jupyter-server
Impact Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". Patches Jupyter Server 2.7.2 Workarounds Use lower performance...
CVE-2023-40170 cross-site inclusion (XSSI) of files in jupyter-server
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit 87a49272728 which h...
PT-2023-25166 · Jenkins · Jenkins Aws Codecommit Trigger Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins AWS CodeCommit Trigger Plugin versions 3.0.12 and earlier Description: The issue allows attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system due to the lack of restriction...
SUSE CVE-2021-33203
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...
GitLab 信息泄露漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab that stems from a program that trigge...
django: Potential directory traversal via ``admindocs``
A flaw was found in django. Staff members could use the :mod:django.contrib.admindocs TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been customized by the developers to also expose the file contents, then not...
GHSA-68W8-QJQ3-2GFM Path Traversal in Django
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...
PYSEC-2021-98
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...
UBUNTU-CVE-2021-33203
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...
Dell EMC RecoverPoint boxmgmt CLI Arbitrary File Read Vulnerability
The Dell EMC RecoverPoint Dell EMC RecoverPoint product provides continuous data protection for operational recovery and disaster recovery, which supports any-point-in-time recovery of diverse storage environments within and between data centers. An arbitrary file read vulnerability exists in the...
CVE-2017-1125
IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340...
USN-2405-1 cinder vulnerabilities
Duncan Thomas discovered that OpenStack Cinder did not properly track the file format when using the GlusterFS of Smbfs drivers. A remote authenticated user could exploit this to potentially obtain file contents from the compute host. CVE-2014-3641 Amrith Kumar discovered that OpenStack Cinder di...