Lucene search

8 matches found

Vulnrichment
added 2025/10/17 3:30 p.m. | 2 views

CVE-2025-26625 Git LFS may write to arbitrary files via crafted symlinks

Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...

CVSS 8.6 | AI score 6.6 | EPSS 0.00707
Exploits 0 | References 5
CVE
added 2025/10/17 3:30 p.m. | 54 views

CVE-2025-26625

Git LFS CVE-2025-26625 affects versions 0.5.2–3.7.0. When populating a working tree (and in bare repositories), git lfs checkout and git lfs pull may write to files outside the repository if crafted symbolic or hard links collide with paths tracked by Git LFS. The root cause is lack of checks for...

CVSS 8.6 | AI score 6.6 | EPSS 0.00707
Exploits 0 | References 6
Patchstack
added 2025/08/12 11:13 p.m. | 5 views

WordPress Tutor LMS Pro plugin <= 3.7.0 - Authenticated (Tutor Instructor+) SQL Injection vulnerability

Authenticated Tutor Instructor+ SQL Injection vulnerability discovered by sergioframi in WordPress Plugin Tutor LMS Pro versions <= 3.7.0...

CVSS 8.8 | AI score 7.8 | EPSS 0.00326
Exploits 0 | References 1 | Affected Software 1
NVD
added 2025/03/03 7:15 p.m. | 23 views

CVE-2025-27501

OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint on the admin panel can be accessed without any form of authentication. This endpoint accepts a user-supplied URL parameter to connect to an OpenZiti Controller and performs a server-side...

CVSS 8.6 | EPSS 0.00367
Exploits 0 | References 1
CVE
added 2025/03/03 6:33 p.m. | 71 views

CVE-2025-27501

CVE-2025-27501 describes an unauthenticated SSRF in OpenZiti Console where an admin-panel endpoint accepts a user-supplied URL parameter to connect to an OpenZiti Controller, enabling server-side requests. Root cause: server-side request is triggered using a node’s identity via the parameter. Imp...

CVSS 8.6 | AI score 8.7 | EPSS 0.00367
Exploits 0 | References 1 | Affected Software 1
OSV
added 2025/03/03 6:33 p.m. | 11 views

CVE-2025-27501 Server Side Request Forgery in Ziti Console

OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint on the admin panel can be accessed without any form of authentication. This endpoint accepts a user-supplied URL parameter to connect to an OpenZiti Controller and performs a server-side...

CVSS 8.6 | AI score 7.1 | EPSS 0.00367
Exploits 0 | References 3
Patchstack
added 2024/05/03 12:0 a.m. | 9 views

WordPress Sheets To WP Table Live Sync Plugin <= 3.7.0 is vulnerable to Cross Site Scripting (XSS)

Software: Sheets To WP Table Live Sync | Type: Plugin | Vulnerable versions: <= 3.7.0 | Fixed in: 3.7.1 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-34375 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: 592f4fe7fc70 | Credits: Manab Jyoti Dowarah...

CVSS 5.9 | AI score 6.6 | EPSS 0.00359
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2023/01/16 12:0 a.m. | 11 views

WordPress Custom 404 Pro Plugin <= 3.7.0 is vulnerable to SQL Injection

Software: Custom 404 Pro | Type: Plugin | Vulnerable versions: <= 3.7.0 | Fixed in: 3.7.1 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2022-47605 | Patch priority: Low | CVSS severity: Low 8.3 | Developer: Kunal Nagar | PSID: 960f40facc61 | Credits: minhtuanact | Required privilege: Administrator | Published...

CVSS 8.3 | AI score 6.9 | EPSS 0.00668
Exploits 0 | References 2 | Affected Software 1