Lucene search
K

174 matches found

Positive Technologies
Positive Technologies
added 2024/10/24 12:0 a.m.5 views

PT-2024-33482 · Zimaos · Zimaos

Name of the Vulnerable Software and Affected Versions: ZimaOS versions 1.2.4 and earlier Description: The issue allows authenticated users to perform a directory traversal attack via the API endpoint http:///v2 1/file, enabling access to sensitive system directories such as /etc. This could expos...

7.5CVSS6.4AI score0.00954EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/10/24 12:0 a.m.4 views

ZimaOS 安全漏洞

ZimaOS is an open source operating system project from IceWhaleTech designed to provide a lightweight, high-performance, secure operating system environment. A security vulnerability exists in ZimaOS prior to version 1.2.4, which stems from improper input validation and leaves the API endpoint...

7.5CVSS6.8AI score0.00702EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/10/17 6:12 p.m.9 views

CVE-2024-10101 Stored XSS in binary-husky/gpt_academic

A stored cross-site scripting XSS vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payloa...

5.4CVSS5.1AI score0.00323EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/10/17 6:12 p.m.11 views

CVE-2024-10101 Stored XSS in binary-husky/gpt_academic

A stored cross-site scripting XSS vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payloa...

5.4CVSS0.00323EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/07/14 12:0 a.m.9 views

PT-2024-37828 · Nanjing Xingyuantu Technology · Sparkshop

Name of the Vulnerable Software and Affected Versions: Nanjing Xingyuantu Technology SparkShop versions up to 1.1.6 Description: A critical issue affects the processing of the file "/api/Common/uploadFile". The manipulation of the file argument leads to unrestricted upload. The attack can be...

6.5CVSS6.5AI score0.00427EPSS
Exploits0References7
CVE
CVE
added 2024/06/27 6:41 p.m.58 views

CVE-2024-6250

Summary (fact-grounded): CVE-2024-6250 affects parisneo/lollms-webui version 9.6. The vulnerability is an absolute path traversal in the open_file endpoint of lollms_advanced.py, where the sanitize_path function with allow_absolute_path=True enables reading arbitrary files and listing directories...

7.5CVSS7.4AI score0.01957EPSS
In wildExploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/27 12:0 a.m.7 views

PT-2024-37482

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version 9.6 Description: An absolute path traversal issue exists, specifically in the "open file" endpoint of "lollms advanced.py". The sanitize path function with allow absolute path=True allows an attacker to access...

7.5CVSS6AI score0.01957EPSS
Exploits1References4
CVE
CVE
added 2024/06/06 6:40 p.m.68 views

CVE-2024-3153

CVE-2024-3153 affects mintplex-labs/anything-llm. An uncontrolled resource consumption vulnerability exists in the upload file endpoint, enabling a denial of service by sending an invalid upload request. Documented impact is DOS with availability impact described; no official fix/version is provi...

6.5CVSS6.3AI score0.00656EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/06 6:40 p.m.21 views

CVE-2024-3153 Uncontrolled Resource Consumption in mintplex-labs/anything-llm

mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service DOS condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents...

6.5CVSS6.7AI score0.00656EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/06/06 12:0 a.m.8 views

PT-2024-33521 · Gradio App · Gradio

Name of the Vulnerable Software and Affected Versions: gradio-app/gradio version 4.25 Description: A local file inclusion issue exists due to improper input validation in the postprocess function within gradio/components/json component.py. This allows a user-controlled string to be parsed as JSON...

7.5CVSS6.6AI score0.0083EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2024/05/28 12:0 a.m.6 views

PT-2024-36068 · Unknown · Phpmybackuppro

Name of the Vulnerable Software and Affected Versions: PhpMyBackupPro version 2.3 Description: A vulnerability has been discovered that could allow an attacker to execute XSS through the "/phpmybackuppro/get file.php" API endpoint, using the view parameter. This could allow an attacker to create ...

7.1CVSS6.2AI score0.00252EPSS
Exploits0References3
NVD
NVD
added 2024/04/29 7:15 a.m.17 views

CVE-2024-3194

A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to...

6.1CVSS4.3AI score0.00738EPSS
Exploits1References5
OSV
OSV
added 2024/04/29 7:15 a.m.7 views

CVE-2024-3194

A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to...

6.1CVSS3.5AI score0.00738EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/04/29 6:22 a.m.12 views

CVE-2024-3194 MailCleaner Log File Endpoint cross site scripting

A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to...

5CVSS6.2AI score0.00738EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/04/29 6:22 a.m.22 views

CVE-2024-3194 MailCleaner Log File Endpoint cross site scripting

A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to...

5CVSS4.7AI score0.00738EPSS
Exploits1References5
OSV
OSV
added 2024/03/18 9:15 p.m.5 views

CVE-2024-2604

A vulnerability was found in SourceCodester File Manager App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update-file.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit...

9.8CVSS5.5AI score0.00724EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/18 12:0 a.m.10 views

PT-2024-21287 · Sourcecodester · Sourcecodester File Manager App

Name of the Vulnerable Software and Affected Versions: SourceCodester File Manager App version 1.0 Description: A critical issue has been found in the SourceCodester File Manager App, affecting the /endpoint/update-file.php file. The manipulation of the file argument leads to unrestricted upload...

9.8CVSS6.6AI score0.00724EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/01/08 12:0 a.m.5 views

PT-2024-15455 · Youke365 · Youke365

Name of the Vulnerable Software and Affected Versions: Youke365 versions up to 1.5.3 Description: A critical issue has been found in Youke365, affecting an unknown functionality of the file /app/api/controller/collect.php. The manipulation of the url argument leads to server-side request forgery...

9.8CVSS6.5AI score0.005EPSS
Exploits0References8
Veracode
Veracode
added 2023/12/22 11:8 a.m.23 views

Path Traversal

Gradio is vulnerable for Path Traversal. The vulnerability is due to improper file path validation within the /file endpoint. An attacker can access arbitrary files on the server by requesting a filepath starting with...

7.5CVSS6.9AI score0.0228EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/12/22 12:0 a.m.6 views

Gradio Path Traversal Vulnerability

Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. A path traversal vulnerability exists in Gradio versions prior to 4.11.0, which stems from a path traversal vulnerability in /file...

7.5CVSS6.8AI score0.0228EPSS
Exploits0References4
Rows per page
Query Builder