Lucene search
K

24 matches found

RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.11 views

CVE-2026-40610

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.38 and prior, the build packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into the generated Bento...

5.5CVSS5.7AI score0.00284EPSS
Exploits1References1
NVD
NVD
added 2026/05/22 8:16 p.m.11 views

CVE-2026-40610

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.38 and prior, the build packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into the generated Bento...

5.5CVSS0.00284EPSS
Exploits1References3
CVE
CVE
added 2026/05/22 7:47 p.m.24 views

CVE-2026-40610

CVE-2026-40610 affects BentoML prior to 1.4.39, where bentoml build traverses attacker-controlled symlinks in the build context and copies the target file contents into the generated Bento artifact. This leads to potential local-file disclosure (e.g., secrets, credentials, environment files) when...

5.5CVSS5.8AI score0.00284EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/05/22 7:47 p.m.13 views

CVE-2026-40610 BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.38 and prior, the build packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into the generated Bento...

5.5CVSS0.00284EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/07 4:39 p.m.13 views

BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context

Summary BentoML's bentoml build packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into the generated Bento artifact. If a victim builds an untrusted repository or other attacker-supplied build context, the attacker can place a...

5.5CVSS5.7AI score0.00284EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities stemmed from arbitrary file reading in the QQBot media tag, allowing attackers to reference local paths on hosts...

8.9CVSS5.9AI score0.00369EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.10 views

Inkscape 代码问题漏洞

Inkscape is an open-source graphic editor developed by Inkscape itself. Prior to Inkscape 1.3, there were code-related vulnerabilities. These vulnerabilities stemmed from issues with the XInclude processing component, which allowed local file leaks. This could enable remote attackers to access...

6.3CVSS5.8AI score0.00202EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/26 9:59 p.m.21 views

CVE-2026-24056 pnpm has symlink traversal in file:/git dependencies

pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...

6.7CVSS0.00469EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/01/26 9:59 p.m.4 views

CVE-2026-24056

pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...

6.7CVSS5.9AI score0.00469EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/01/26 9:59 p.m.4 views

CVE-2026-24056 pnpm has symlink traversal in file:/git dependencies

pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...

6.7CVSS5.9AI score0.00469EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-6045

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a...

6.5CVSS7.3AI score0.01537EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2018-6035

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a...

8.8CVSS8AI score0.01533EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/07/25 3:4 p.m.2 views

webpack-dev-middleware: lack of URL validation may lead to file leak

A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling...

7.5CVSS7.2AI score0.01199EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/07/10 3:10 p.m.2 views

webpack-dev-middleware: lack of URL validation may lead to file leak

A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling...

7.5CVSS7.2AI score0.01199EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/11/08 12:0 a.m.4 views

Spiceworks Security Breach

Spiceworks is an IT management software from the Spiceworks community. It focuses on simplifying the process of inventorying, monitoring networks, and generating reports for IT professionals in small and medium-sized businesses. A security vulnerability exists in Spiceworks Help Desk Server...

9.9CVSS8.5AI score0.02023EPSS
Exploits2References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:2 a.m.3 views

SUSE CVE-2009-3385

The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash objec...

7.1CVSS8.7AI score0.0277EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/06/21 12:0 a.m.5 views

PowerArchiver 代码问题漏洞

PowerArchiver is a software application. It provides a function to compress and encrypt data A code issue vulnerability exists in PowerArchiver versions prior to 20.10.02, which stems from the XM parser used by the program that allows the processing of external entities, which could lead to the...

4.3CVSS5.3AI score0.00918EPSS
Exploits1References2
OSV
OSV
added 2020/07/15 3:15 p.m.2 views

UBUNTU-CVE-2019-17637

In all versions of Eclipse Web Tools Platform through release 3.18 2020-06, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...

7.1CVSS5.8AI score0.00879EPSS
Exploits1References3
OSV
OSV
added 2019/11/25 3:15 p.m.3 views

DEBIAN-CVE-2019-13707

Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application...

5.5CVSS6.5AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2019/11/25 3:15 p.m.3 views

UBUNTU-CVE-2019-13707

Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application...

5.5CVSS6.7AI score0.0045EPSS
Exploits0References2
Rows per page
Query Builder