Lucene search
K

666 matches found

RedhatCVE
RedhatCVE
added 2025/03/22 12:34 p.m.13 views

CVE-2024-7043

An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the GET /api/v1/files/ interface to retrieve information on all...

8.8CVSS6.5AI score0.00563EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.6 views

CVE-2024-7043 Improper Access Control in open-webui/open-webui

An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the GET /api/v1/files/ interface to retrieve information on all...

8.1CVSS7.8AI score0.00563EPSS
Exploits1References1
NVD
NVD
added 2025/03/19 7:15 p.m.8 views

CVE-2024-7631

A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...

4.3CVSS0.00465EPSS
Exploits0References3
CVE
CVE
added 2025/03/19 6:47 p.m.94 views

CVE-2024-7631

OpenShift Console CVE-2024-7631 describes a path traversal flaw in the locales/resources.json endpoint where lng/ns are used to build a file path in pkg/plugins/handlers unsafely.go, allowing an authenticated user to read arbitrary JSON files on the console pod by using ../ sequences. Connected d...

4.3CVSS4.5AI score0.00465EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/19 11:56 a.m.8 views

Security Bulletin: IBM Security QRadar EDR could allow Unauthorized File Retrieval via SMB (CVE-2024-45644)

Summary IBM Security QRadar EDR allows SMB file downloads, restricted to Administrator and Responder accounts. This behavior follows Windows OS defaults, and documentation will be updated to recommend NTLM restrictions and least privilege access controls. Vulnerability Details CVEID:CVE-2024-4564...

4.7CVSS6.5AI score0.00257EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/03/11 9:32 p.m.6 views

CVE-2025-27101 Broken Access Control in Opal filesystem's copy functionality exposes all user data

Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of t...

8.6CVSS6.8AI score0.00523EPSS
Exploits0References4
CVE
CVE
added 2025/03/04 1:31 p.m.139 views

CVE-2025-1936

CVE-2025-1936 is a Firefox/Thunderbird vulnerability where jar: URLs used to retrieve local ZIP contents could misclassify content due to a null-termination issue in the archive, potentially enabling disguised code in a web extension. Affected: Firefox before 136, Firefox ESR before 128.8, Thunde...

7.3CVSS6.8AI score0.00413EPSS
Exploits0References6Affected Software2
RedhatCVE
RedhatCVE
added 2025/03/02 5:19 p.m.5 views

CVE-2025-24843

Insecure file retrieval process that facilitates potential for file manipulation to affect product stability and confidentiality, integrity, authenticity, and attestation of stored data...

5.1CVSS6.7AI score0.00143EPSS
Exploits0References1
NVD
NVD
added 2025/02/28 5:15 p.m.8 views

CVE-2025-24843

Insecure file retrieval process that facilitates potential for file manipulation to affect product stability and confidentiality, integrity, authenticity, and attestation of stored data...

5.1CVSS0.00143EPSS
Exploits0References2
CVE
CVE
added 2025/02/28 4:56 p.m.96 views

CVE-2025-24843

CVE-2025-24843 affects the Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application. The issue is an insecure file retrieval process that could enable file manipulation, impacting the confidentiality, integrity, authenticity and attestation of stored data and potentially...

5.1CVSS6.8AI score0.00143EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/28 12:0 a.m.3 views

Dario Health 安全漏洞

Dario Health is a software from Dario Health that provides digital health solutions for people with chronic conditions. Dario Health has a security vulnerability that stems from an insecure file retrieval process that could lead to file manipulation, impacting product stability and data...

5.1CVSS6.6AI score0.00143EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/02/28 12:0 a.m.4 views

PT-2025-9119 · Dario Health · Dario Application Database/Internet-Based Server Infrastructure +1

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns an insecure file retrieval process. This process may facilitate the potential for file manipulation, which could affect product stability and the confidentiality, integrit...

5.1CVSS6.7AI score0.00143EPSS
Exploits0References6
NVD
NVD
added 2025/02/18 1:15 a.m.16 views

CVE-2025-25224

The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained...

7.5CVSS0.00533EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/13 12:18 a.m.9 views

CVE-2024-44336

An issue in AnkiDroid Android Application v2.17.6 allows attackers to retrieve internal files from the /data/data/com.ichi2.anki/ directory and save it into publicly available storage...

5.3CVSS6.8AI score0.0029EPSS
Exploits0References1
CVE
CVE
added 2025/02/11 12:0 a.m.65 views

CVE-2024-44336

AnkiDroid Android Application v2.17.6 is affected by CVE-2024-44336, where an attacker can retrieve internal files from the directory /data/data/com.ichi2.anki/ and copy them to publicly accessible storage. The connected PT-2025-6409 entry corroborates the affected version and indicates that ther...

5.3CVSS5.2AI score0.0029EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/11 12:0 a.m.8 views

CVE-2024-44336

An issue in AnkiDroid Android Application v2.17.6 allows attackers to retrieve internal files from the /data/data/com.ichi2.anki/ directory and save it into publicly available storage...

5.2AI score0.0029EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:49 p.m.11 views

CVE-2020-15099

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case t...

8.1CVSS7.8AI score0.01782EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 2:43 p.m.9 views

CVE-2020-6366

SAP NetWeaver Compare Systems versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service...

7.6CVSS7.2AI score0.01062EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:10 a.m.8 views

CVE-2024-46898

SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests...

8.6CVSS6.9AI score0.01016EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:6 a.m.9 views

CVE-2024-4941

A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the postprocess function within gradio/components/jsoncomponent.py, where a user-controlled string is parsed as JSON. If the parsed JSON...

7.5CVSS6.4AI score0.0083EPSS
Exploits1
Rows per page
Query Builder