Lucene search
+L

157 matches found

OSV
OSV
added 2026/04/10 6:14 p.m.3 views

CVE-2026-33698 Chamilo LMS affected by unauthenticated RCE in main/install folder

Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals...

9.3CVSS6AI score0.00321EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

Chamilo LMS 安全漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Prior to version 1.11.38, Chamilo LMS had security vulnerabilities. These vulnerabilities stemmed from a chained...

9.8CVSS5.9AI score0.00321EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.11 views

PT-2026-32014

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 1.11.38 Description Chamilo LMS is a learning management system. A chained attack can enable otherwise-blocked PHP code from the main/install/ directory, allowing an unauthenticated attacker to modify existing fil...

9.3CVSS5.8AI score0.00321EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/05 9:30 p.m.6 views

EUVD-2019-20089

WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can trigger the crash by opening an archive and pressing the test button, causing an access violatio...

6.9CVSS5.9AI score0.00427EPSS
Exploits1References4
NVD
NVD
added 2026/04/05 9:16 p.m.10 views

CVE-2019-25677

WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can trigger the crash by opening an archive and pressing the test button, causing an access violatio...

6.9CVSS0.00427EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/27 10:14 a.m.7 views

CVE-2026-25191

The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer's execution privileg...

8.4CVSS6.3AI score0.00144EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/26 6:30 a.m.8 views

EUVD-2026-8835

The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer's execution privileg...

8.4CVSS6AI score0.00144EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/02/24 12:0 a.m.8 views

Cisco AppDynamics PHP Agent Privilege Escalation (cisco-sa-appd-php-authpriv-gEBwTvu5)

According to its self-reported version, Cisco AppDynamics is affected by a vulnerability. - A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient...

7.8CVSS5.7AI score0.00189EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/02/03 12:24 a.m.6 views

SUSE CVE-2026-1703

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

3.1CVSS5.4AI score0.0039EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2026/02/02 3:30 p.m.10 views

pip Path Traversal vulnerability

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

2CVSS5.4AI score0.0039EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/02/02 3:16 p.m.8 views

AZL-76593 CVE-2026-1703 affecting package python-pip 24.2-5

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

2CVSS5.7AI score0.0039EPSS
Exploits1References1
NVD
NVD
added 2026/02/02 3:16 p.m.13 views

CVE-2026-1703

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

2CVSS0.0039EPSS
Exploits1References3
OSV
OSV
added 2026/02/02 3:16 p.m.7 views

AZL-76599 CVE-2026-1703 affecting package python3 3.12.9-9

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

2CVSS5.7AI score0.0039EPSS
Exploits1References1
OSV
OSV
added 2026/02/02 3:16 p.m.8 views

UBUNTU-CVE-2026-1703

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

2CVSS5.8AI score0.0039EPSS
Exploits1References5
EUVD
EUVD
added 2026/02/02 2:43 p.m.4 views

EUVD-2026-5106

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

2CVSS5.4AI score0.0039EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.8 views

pip 安全漏洞

pip is a Python package installer developed by the Python Packaging Authority. There is a security vulnerability in pip, which stems from potential path traversal when installing maliciously crafted wheel archives, potentially leading to files being extracted outside of the installation directory...

2CVSS5.8AI score0.0039EPSS
Exploits1References3
NVD
NVD
added 2026/01/14 9:15 p.m.9 views

CVE-2026-23512

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options setting is trigger. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting. On Windows, this allows...

8.6CVSS0.00191EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/14 8:31 p.m.26 views

CVE-2026-23512 SumatraPDF has an Untrusted Search Path in sumatrapdf/src/AppTools.cpp

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options setting is trigger. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting. On Windows, this allows...

8.6CVSS0.00191EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/14 8:31 p.m.7 views

EUVD-2026-2675

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options setting is trigger. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting. On Windows, this allows...

8.6CVSS7.3AI score0.00191EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/14 8:31 p.m.4 views

CVE-2026-23512

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options setting is trigger. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting. On Windows, this allows...

8.6CVSS6.2AI score0.00191EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder