Lucene search
+L

305 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-0150

Malicious code in bioql PyPI...

9.1CVSS9AI score0.00992EPSS
Exploits1References7
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-18249

Malicious code in bioql PyPI...

5.6CVSS6.2AI score0.00166EPSS
Exploits0References4
veracode
veracode
added 2025/09/08 6:19 a.m.5 views

Improper Input Validation

@anthropic-ai/claude-code is vulnerable to improper input validation. The vulnerability is due to an overly broad allowlist of safe commands, which allows an attacker to bypass confirmation prompts, read file contents, and exfiltrate them over the network without user confirmation...

7.5CVSS6.8AI score0.00431EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2025/08/20 5:58 p.m.45 views

CVE-2025-55746 Directus allows unauthenticated file upload and file modification due to lacking input sanitization

Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files'...

9.3CVSS0.00438EPSS
Exploits1References2
nessus
nessus
added 2025/08/19 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-47950

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the...

6.5CVSS6.7AI score0.01001EPSS
Exploits1References2
cve
cve
added 2025/07/21 6:31 a.m.24 views

CVE-2025-24937

CVE-2025-24937 enables an attacker to read local file contents and inject malicious code, potentially resulting in full compromise of the web application and the hosting container. The vulnerability concerns a web application component bound to the network stack, with attackers able to reach from...

9CVSS6.6AI score0.0024EPSS
Exploits0References1Affected Software1
cisa_kev
cisa_kev
added 2025/07/07 12:0 a.m.10 views

Rails Ruby on Rails Path Traversal Vulnerability

Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to render file: can cause arbitrary files on the target server to be rendered, disclosing the file contents...

7.5CVSS7.2AI score0.98507EPSS
In wildExploits18
github
github
added 2025/06/13 9:30 a.m.8 views

Salt's file contents overwrite the VirtKey class

File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...

5.6CVSS7.3AI score0.00166EPSS
Exploits0References5Affected Software1
osv
osv
added 2025/06/13 9:30 a.m.5 views

GHSA-7F3F-X5F5-79GW Salt's file contents overwrite the VirtKey class

File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...

5.6CVSS7.3AI score0.00166EPSS
Exploits0References5
nvd
nvd
added 2025/06/13 7:15 a.m.12 views

CVE-2025-22241

File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...

5.6CVSS0.00166EPSS
Exploits0References2
cve
cve
added 2025/06/13 7:4 a.m.62 views

CVE-2025-22241

CVE-2025-22241 affects Salt's VirtKey class; the vulnerability arises from on-demand pillar data paths derived from unvalidated input to the pki directory, enabling auto-accept of Minion authentication keys via a pre-placed authorization file in the default config. Public disclosures in SUSE/open...

5.6CVSS5.6AI score0.00166EPSS
Exploits0References2
cvelist
cvelist
added 2025/06/13 7:4 a.m.20 views

CVE-2025-22241 CVE-2025-22241 salt advisory

File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...

5.6CVSS0.00166EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/23 10:21 a.m.19 views

CVE-2024-7135

The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getfile' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This makes it possible for authenticated attackers, with...

6.5CVSS6.3AI score0.0269EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 6:33 a.m.7 views

CVE-2024-42499

Improper limitation of a pathname to a restricted directory 'Path Traversal' issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know whether a file exists at a specific path, and/or obtain some part of the file contents under specif...

5.3CVSS6.6AI score0.00649EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/23 4:25 a.m.8 views

CVE-2023-49298

OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but c...

7.5CVSS6.4AI score0.01158EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 3:15 a.m.5 views

CVE-2023-22626

PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server...

7.5CVSS6.3AI score0.00831EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 8:53 p.m.5 views

CVE-2021-37595

In FreeRDP before 2.4.0 on Windows, wfcliprdrserverfilecontentsrequest in client/Windows/wfcliprdr.c has missing input checks for a FILECONTENTSRANGE File Contents Request PDU...

9.8CVSS7.2AI score0.01516EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/04/10 12:0 a.m.10 views

Vite 信息泄露漏洞

Vite is a new front-end builder tool open-sourced by Vite. An information disclosure vulnerability exists in Vite, which stems from the fact that the contents of an arbitrary file may be returned to the browser. The following versions are affected: versions prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18,...

6CVSS5.7AI score0.01725EPSS
Exploits2References2
cvelist
cvelist
added 2025/04/08 6:0 p.m.20 views

CVE-2025-32035 DNN does not check the contents of a file when uploading files

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 9.13.2, when uploading files e.g. when uploading assets, the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This...

2.6CVSS0.0017EPSS
Exploits0References2
osv
osv
added 2025/03/27 12:41 a.m.8 views

USN-7375-1 org-mode vulnerabilities

It was discovered that Org Mode did not correctly handle filenames containing shell metacharacters. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2023-28617 It was discovered that Org Mode could run...

9.8CVSS7.4AI score0.01312EPSS
Exploits0References5
Rows per page
Query Builder