Lucene search
K

110 matches found

OSV
OSV
added 2024/10/24 8:39 p.m.10 views

CVE-2024-47883 Butterfly has path/URL confusion in resource handling leading to multiple weaknesses

The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the java.net.URL class to refer to what are expected to be local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local...

9.1CVSS9AI score0.01602EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/10/24 12:0 a.m.5 views

PT-2025-17573

Name of the Vulnerable Software and Affected Versions Jmix versions 1.0.0 through 1.6.1 Jmix versions 2.0.0 through 2.3.4 Description The issue affects Jmix, a set of libraries and tools for Spring Boot data-centric application development. It allows manipulation of the input parameter, which...

6.4CVSS6.4AI score0.00291EPSS
Exploits0References18
OSV
OSV
added 2024/10/10 10:15 p.m.19 views

PYSEC-2024-213

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the bypass of directory traversal checks within the isinorequal function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that...

6.5CVSS6.7AI score0.00687EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2024/09/10 11:14 a.m.324 views

Exploit for Improper Privilege Management in Enlightenment

CVE-2022-37706 The CVE-2022-37706 vulnerability is relate...

7.8CVSS8.1AI score0.05486EPSS
Exploits15
Github Security Blog
Github Security Blog
added 2024/09/03 9:1 p.m.39 views

Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`)

Details The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server. go...

7.5CVSS6.9AI score0.55864EPSS
Exploits3References6Affected Software1
NVD
NVD
added 2024/06/06 7:15 p.m.16 views

CVE-2024-1873

parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed /selectdatabase endpoint in version a9d16b0. The endpoint improperly handles file paths, allowing attackers to specify absolute paths when interacting with the DiscussionsDB instance. This flaw...

9.1CVSS0.13389EPSS
Exploits0References2
CVE
CVE
added 2024/05/22 7:29 p.m.74 views

CVE-2024-4267

The CVE-2024-4267 entry concerns parisneo/lollms-webui version 9.5, in the open_file (open file) function. The root cause is improper neutralization of elements in a user-controlled file path used by subprocess.Popen, allowing command injection. This enables remote code execution where an attacke...

9.8CVSS8.9AI score0.01484EPSS
Exploits1References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/02/09 12:0 a.m.5 views

The vulnerabilities of the functions setTemplate(), renderPhp(), and pathJoin() of the Shield Security plugin—a WordPress content management system for smart bot blocking and intrusion prevention—allow attackers to load arbitrary PHP files.

The vulnerabilities of the setTemplate, renderPhp, and pathJoin functions in the Shield Security plugin—a system for WordPress content management with Smart Bot Blocking & Intrusion Prevention features—are related to improper external manipulation of file names or file paths. Exploiting these...

10CVSS7.9AI score0.56567EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/12/14 1:15 p.m.22 views

CVE-2023-6569

External Control of File Name or Path in h2oai/h2o-3...

8.2CVSS9.3AI score
Exploits0References1
Prion
Prion
added 2023/09/16 9:15 p.m.21 views

Design/Logic Flaw

A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a requiremen...

4.3CVSS7.5AI score0.00194EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/11 12:0 a.m.6 views

The vulnerability of the Imagick() function (~/includes/mla-stream-image.php) of the Media Library Assistant plugin of the WordPress content management system allows a hacker to execute arbitrary code.

The vulnerability of the Imagick function /includes/mla-stream-image.php in the Media Library Assistant plugin of the WordPress content management system is related to improper external manipulation of file names or file paths. Exploiting this vulnerability could allow a malicious actor to execut...

10CVSS8.1AI score0.82585EPSS
Exploits6References8Affected Software1
CVE
CVE
added 2023/07/23 3:31 a.m.58 views

CVE-2023-3842

CVE-2023-3842 affects Pointware EasyInventory 1.0.12.0. The vulnerability stems from an unquoted search path in the vulnerable binary Easy2W.exe located under C:\Program Files (x86)\EasyInventory. This enables a local attacker to exploit the issue, with the impact described as high confidentialit...

7.8CVSS7.6AI score0.00201EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.6 views

The vulnerability of the monitoring software for the status and functions of Advantech R-SeeNet routers allows a intruder to gain unauthorized access to local files.

The vulnerability of the monitoring software for the functions and status of Advantech R-SeeNet routers is related to improper external manipulation of the file name or file path. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to local...

9CVSS7.4AI score0.00647EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2023/06/22 11:31 a.m.3 views

Arbitrary Argument Injection

Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass...

6.9CVSS7.3AI score0.00577EPSS
Exploits0References2
NVD
NVD
added 2022/10/13 11:15 a.m.25 views

CVE-2021-20030

SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files...

7.5CVSS0.00785EPSS
Exploits0References1
Prion
Prion
added 2022/10/13 11:15 a.m.11 views

Design/Logic Flaw

SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files...

5CVSS7.7AI score0.00785EPSS
Exploits0References1Affected Software1
SonicWall
SonicWall
added 2022/10/13 9:40 a.m.9 views

GMS File Path Manipulation

An unauthenticated attacker can gain access to web directory containing application's binaries and configuration files through file path manipulation vulnerability. CVE: CVE-2021-20030 Last updated: Oct. 13, 2022, 9:40 a.m...

7.5CVSS7.1AI score0.00785EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2022/10/13 12:0 a.m.7 views

CVE-2021-20030

SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files...

7.7AI score0.00785EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/10/13 12:0 a.m.6 views

PT-2022-9165 · Sonicwall · Sonicwall Gms

Name of the Vulnerable Software and Affected Versions: SonicWall GMS affected versions not specified Description: The issue allows an unauthenticated attacker to gain access to the web directory containing the application's binaries and configuration files through file path manipulation...

7.5CVSS7.6AI score0.00785EPSS
Exploits0References5
CVE
CVE
added 2022/10/13 12:0 a.m.62 views

CVE-2021-20030

CVE-2021-20030 affects SonicWall Global Management System (GMS). The connected sources describe a file path manipulation vulnerability that allows an unauthenticated attacker to access the web directory containing the application's binaries and configuration files. The CVE is documented across mu...

7.5CVSS7.7AI score0.00785EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder