
21 matches found

RedhatCVE
added yesterday | 6 views

CVE-2024-47272

Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

2.7 CVSS | 5.5 AI score | 0.00044 EPSS
Exploits 0 | References 1

EUVD
added 2026/05/27 8:30 a.m. | 8 views

EUVD-2024-55598

Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

2.7 CVSS | 5.8 AI score | 0.00044 EPSS
Exploits 0 | References 1

CVE
added 2026/05/27 8:29 a.m. | 12 views

CVE-2024-47270

CVE-2024-47270 describes an improper preservation of permissions vulnerability in the Archiving Push feature of Synology Surveillance Station, affecting versions prior to 9.2.2-11575 and 9.2.2-9575. The issue permits remote authenticated users with administrator privileges to perform limited file...

2.7 CVSS | 5.8 AI score | 0.00033 EPSS
Exploits 0 | References 1 | Affected Software 1

EUVD
added 2026/05/27 8:29 a.m. | 7 views

EUVD-2024-55596

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

2.7 CVSS | 5.8 AI score | 0.00033 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2024-29344

Malicious code in bioql PyPI...

6.3 CVSS | 6.6 AI score | 0.00245 EPSS
Exploits 0 | References 10

Metasploit
added 2025/08/28 6:53 p.m. | 438 views

Pretalx Arbitrary File Read/Limited File Write

This module exploits functionality in Pretalx that export conference schedule as zipped file. The Pretalx will iteratively include any file referenced by any HTML tag and does not properly check the path of the file, which can lead to arbitrary file read. The module requires credentials that allo...

5.9 AI score
Exploits 0

Packet Storm
added 2025/08/28 12:0 a.m. | 209 views

Pretalx Limited File Write / Remote Code Execution

This Metasploit module exploits CVE-2023-28458, a limited file write in Pretalx, up to version 2.3.1. The module will use the vulnerability to write a malicious site-specific configuration hook for Python. Once hook is written, payload will be executed every time Pretalx user runs any Python code...

4.3 CVSS | 4.8 AI score | 0.76795 EPSS
Exploits 3

Vulnrichment
added 2024/07/22 3:21 p.m. | 18 views

CVE-2024-39688 fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is concatenated with other folders and used to open a new file in the generate_config function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitra...

6.5 CVSS | 6.8 AI score | 0.00212 EPSS
Exploits 1 | References 3

OSV
added 2024/07/22 3:21 p.m. | 7 views

CVE-2024-39688 fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is concatenated with other folders and used to open a new file in the generate_config function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitra...

6.5 CVSS | 6.8 AI score | 0.00212 EPSS
Exploits 1 | References 5

Cvelist
added 2024/04/16 2:28 p.m. | 14 views

CVE-2024-31451 Limited file write in routes.py (GHSL-2023-250)

DocsGPT is a GPT-powered chat for documentation. DocsGPT is vulnerable to unauthenticated limited file write in routes.py. This vulnerability is fixed in 0.8.1...

5.3 CVSS | 5.5 AI score | 0.00246 EPSS
Exploits 0 | References 3

CVE
added 2024/04/12 9:41 p.m. | 66 views

CVE-2024-31462

The CVE-2024-31462 entry concerns stable-diffusion-webui (v1.7.0) with a limited file write vulnerability. The root cause is in the create_ui function (Backup/Restore tab) within modules/ui_extensions.py, where user input is captured into config_save_name and later used to form a file path that i...

6.3 CVSS | 6.8 AI score | 0.00245 EPSS
Exploits 0 | References 10

OSV
added 2024/04/12 9:41 p.m. | 14 views

CVE-2024-31462 Limited file write in Stable-diffusion-webui - GHSL-2024-010

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method Backup/Restore tab in modules/ui_extensions.py takes user input into the configsavenam...

6.3 CVSS | 6.8 AI score | 0.00245 EPSS
Exploits 0 | References 12

Cvelist
added 2024/04/12 9:41 p.m. | 16 views

CVE-2024-31462 Limited file write in Stable-diffusion-webui - GHSL-2024-010

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method Backup/Restore tab in modules/ui_extensions.py takes user input into the configsavenam...

6.3 CVSS | 6.5 AI score | 0.00245 EPSS
Exploits 0 | References 10

Vulnrichment
added 2024/04/12 9:41 p.m. | 20 views

CVE-2024-31462 Limited file write in Stable-diffusion-webui - GHSL-2024-010

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method Backup/Restore tab in modules/ui_extensions.py takes user input into the configsavenam...

6.3 CVSS | 6.9 AI score | 0.00245 EPSS
Exploits 0 | References 10

OSV
added 2024/03/14 8:37 p.m. | 18 views

GHSA-HH2Q-QV66-JCQG Whoogle Search Path Traversal vulnerability

Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...

5.3 CVSS | 5.2 AI score | 0.00192 EPSS
Exploits 1 | References 9

Github Security Blog
added 2024/03/14 8:37 p.m. | 25 views

Whoogle Search Path Traversal vulnerability

Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...

5.3 CVSS | 6.9 AI score | 0.00192 EPSS
Exploits 1 | References 9 | Affected Software 1

Veracode
added 2024/01/25 5:29 a.m. | 14 views

Path Traversal

Whoogle Search is vulnerable to Path Traversal. The vulnerability is caused due to a lack of validation for the name variable in the config function within app/routes.py. This allows an attacker to perform a limited file write, overwriting existing files or creating new ones...

5.3 CVSS | 6.8 AI score | 0.00192 EPSS
Exploits 1 | References 6 | Affected Software 1

NVD
added 2024/01/23 6:15 p.m. | 16 views

CVE-2024-22204

Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...

5.3 CVSS | 5.3 AI score | 0.00192 EPSS
Exploits 1 | References 6

Prion
added 2024/01/23 6:15 p.m. | 18 views

Design/Logic Flaw

Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...

5 CVSS | 7.2 AI score | 0.00192 EPSS
Exploits 1 | References 6 | Affected Software 1

PyPA
added 2024/01/23 6:15 p.m. | 5 views

PYSEC-2024-23

Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...

5.3 CVSS | 6.9 AI score | 0.00192 EPSS
Exploits 1 | References 7 | Affected Software 1