
7279 matches found

CVE
added 2024/12/13 5:49 a.m. · 43 views

CVE-2024-11834

CVE-2024-11834 is a path traversal vulnerability in PlexTrac (versions 1.61.3 through 2.8.1) caused by improper limitation of a pathname to a restricted directory, enabling arbitrary file writes. Connected documents corroborate affected software and the root cause; PT-2024 notes a fix is present ...

CVSS 9.1 · AI score 6.6 · EPSS 0.00488
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/12/13 5:49 a.m. · 16 views

CVE-2024-11833 Arbitrary Directory Write via Runbooks Artifact Upload

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in PlexTrac allows arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1...

CVSS 8.9 · EPSS 0.00488
Exploits: 0 · References: 1

OSV
added 2024/12/12 3:46 p.m. · 11 views

GO-2024-3326 SiYuan has an arbitrary file write in the host via /api/asset/upload in github.com/siyuan-note/siyuan/kernel

SiYuan has an arbitrary file write in the host via /api/asset/upload in github.com/siyuan-note/siyuan/kernel...

CVSS 8.7 · AI score 6.5 · EPSS 0.00362
Exploits: 0 · References: 2

NVD
added 2024/12/12 2:15 a.m. · 21 views

CVE-2024-55659

SiYuan is a personal knowledge management system. Prior to version 3.1.16, the /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting via the file write. Version 3.1.16 contains a patch for the issue...

CVSS 8.7 · EPSS 0.00362
Exploits: 0 · References: 2

CNNVD
added 2024/12/12 12:0 a.m. · 4 views

SiYuan path traversal vulnerability

SiYuan is a privacy-first personal knowledge management system from SiYuan open source. A path traversal vulnerability exists in SiYuan versions prior to 3.1.16, which stems from vulnerability to cross-site scripting attacks that write to and store arbitrary files on the host...

CVSS 8.7 · AI score 6.1 · EPSS 0.00362
Exploits: 0 · References: 2

Vulnrichment
added 2024/12/11 10:53 p.m. · 13 views

CVE-2024-55659 SiYuan has an arbitrary file write in the host via /api/asset/upload

SiYuan is a personal knowledge management system. Prior to version 3.1.16, the /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting via the file write. Version 3.1.16 contains a patch for the issue...

CVSS 8.7 · AI score 6.2 · EPSS 0.00362
Exploits: 0 · References: 2

OSV
added 2024/12/11 10:53 p.m. · 11 views

CVE-2024-55659 SiYuan has an arbitrary file write in the host via /api/asset/upload

SiYuan is a personal knowledge management system. Prior to version 3.1.16, the /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting via the file write. Version 3.1.16 contains a patch for the issue...

CVSS 8.7 · AI score 6.2 · EPSS 0.00362
Exploits: 0 · References: 4

Cvelist
added 2024/12/11 10:53 p.m. · 18 views

CVE-2024-55659 SiYuan has an arbitrary file write in the host via /api/asset/upload

SiYuan is a personal knowledge management system. Prior to version 3.1.16, the /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting via the file write. Version 3.1.16 contains a patch for the issue...

CVSS 8.7 · EPSS 0.00362
Exploits: 0 · References: 2

OSV
added 2024/12/11 6:44 p.m. · 10 views

GHSA-FQJ6-WHHX-47P7 SiYuan has an arbitrary file write in the host via /api/asset/upload

Summary The /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored XSS via the file write. Impact Arbitrary file write...

CVSS 8.7 · AI score 5.5 · EPSS 0.00362
Exploits: 0 · References: 5

Github Security Blog
added 2024/12/11 6:44 p.m. · 18 views

SiYuan has an arbitrary file write in the host via /api/asset/upload

Summary The /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored XSS via the file write. Impact Arbitrary file write...

CVSS 8.7 · AI score 5.8 · EPSS 0.00362
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2024/12/11 12:0 a.m. · 4 views

PT-2024-36573 · Siyuan · Siyuan

Name of the Vulnerable Software and Affected Versions: Siyuan versions prior to 3.1.16 Description: Siyuan is a personal knowledge management system. The /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored Cross-Site Scripting via the file write...

CVSS 9.8 · AI score 6 · EPSS 0.89633
Exploits: 15 · References: 36

Github Security Blog
added 2024/12/10 6:31 a.m. · 15 views

luigi Arbitrary File Write via Archive Extraction (Zip Slip)

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function...

CVSS 8.6 · AI score 6.8 · EPSS 0.01074
Exploits: 0 · References: 7 · Affected Software: 1

OSV
added 2024/12/10 5:15 a.m. · 5 views

CVE-2024-21542

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function...

CVSS 7.7 · AI score 6.7 · EPSS 0.01074
Exploits: 0 · References: 5

PyPA
added 2024/12/10 5:15 a.m. · 8 views

PYSEC-2024-159

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function...

CVSS 8.6 · AI score 7 · EPSS 0.01074
Exploits: 0 · References: 5 · Affected Software: 1

NVD
added 2024/12/10 5:15 a.m. · 16 views

CVE-2024-21542

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function...

CVSS 8.6 · EPSS 0.01074
Exploits: 0 · References: 5

Vulnrichment
added 2024/12/10 5:0 a.m. · 6 views

CVE-2024-21542

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function...

CVSS 8.6 · AI score 8.5 · EPSS 0.01074
Exploits: 0 · References: 5

CVE
added 2024/12/10 5:0 a.m. · 82 views

CVE-2024-21542

CVE-2024-21542 affects luigi before 3.6.0, vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) caused by improper destination file path validation in the _extract_packages_archive function. A malicious zip can traverse paths to overwrite arbitrary files outside the target directo...

CVSS 8.6 · AI score 6.9 · EPSS 0.01074
Exploits: 0 · References: 5

Cvelist
added 2024/12/10 5:0 a.m. · 267 views

CVE-2024-21542

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function...

CVSS 8.6 · EPSS 0.01074
Exploits: 0 · References: 5

CNNVD
added 2024/12/10 12:0 a.m. · 2 views

Luigi security vulnerability

Luigi is a Python package open-sourced by Spotify that helps build complex pipelines of batch jobs. A security vulnerability exists in Luigi versions prior to 3.6.0, which stems from incorrect validation of the destination file path in the _extract_packages_archive function, leaving it vulnerable to...

CVSS 8.6 · AI score 6.6 · EPSS 0.01074
Exploits: 0 · References: 5

Tenable Nessus
added 2024/12/04 12:0 a.m. · 5 views

Cisco Unified Computing System Unrestricted Upload of File with Dangerous Type (CVE-2017-12332)

A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installin...

CVSS 4.9 · AI score 5.2 · EPSS 0.00325
Exploits: 0 · References: 7