Lucene search
K

67 matches found

OSV
OSV
added 2026/03/19 7:34 p.m.3 views

GHSA-4JW9-5HRC-M4J6 AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php`

Summary POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint accepts arbitrary local filesystem paths that pass isValidURLOrPath. That...

7.6CVSS5.9AI score0.00254EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2026/03/05 10:2 p.m.5 views

CVE-2026-3606

A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function adddatasegment of the file src/ettercap/utils/etterfilter/efoutput.c of the component etterfilter. The manipulation leads to out-of-bounds read. Local access is required to approach this...

5.5CVSS3.9AI score0.00161EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/02/20 9:32 p.m.7 views

CVE-2026-2858

A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the function peekChar of the file src/vm/wrencompiler.c of the component Source File Parser. Such manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...

4.8CVSS5.1AI score0.00124EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/11/06 11:15 p.m.5 views

CVE-2025-58423

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account...

8.7CVSS5.8AI score0.00512EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/30 9:39 p.m.3 views

CVE-2021-47700 Nagios XI < 5.8.7 Insecure Permissions on Highcharts Temporary Directory

Nagios XI versions prior to 5.8.7 used a temporary directory for Highcharts exports with overly permissive ownership/permissions under the Apache user. Local or co-hosted processes could read/overwrite export artifacts or manipulate paths, risking disclosure or tampering and potential code...

8.5CVSS7AI score0.0032EPSS
Exploits0References2
OSV
OSV
added 2025/10/07 11:15 p.m.4 views

UBUNTU-CVE-2025-11414

A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function getlinkhashentry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and...

5.5CVSS5.9AI score0.00189EPSS
Exploits1References8
OSV
OSV
added 2025/10/07 10:15 p.m.4 views

UBUNTU-CVE-2025-11412

A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfdelfgcrecordvtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and...

5.5CVSS5.5AI score0.00189EPSS
Exploits1References8
OSV
OSV
added 2025/10/07 10:2 p.m.4 views

CVE-2025-11413 GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds

A vulnerability was found in GNU Binutils 2.45. Affected is the function elflinkaddobjectsymbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used...

4.8CVSS5.2AI score0.00203EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-12572

Malware in sbrugna...

4CVSS4.6AI score0.00391EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/09/30 12:0 a.m.8 views

NewStart CGSL MAIN 6.06 : postfix Multiple Vulnerabilities (NS-SA-2025-0220)

The remote NewStart CGSL host, running version MAIN 6.06, has postfix packages installed that are affected by multiple vulnerabilities: - The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are...

6.8CVSS9.2AI score0.21646EPSS
Exploits13References9
OSV
OSV
added 2025/09/11 5:15 p.m.5 views

UBUNTU-CVE-2025-39790

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Detect events pointing to unexpected TREs When a remote device sends a completion event to the host, it contains a pointer to the consumed TRE. The host uses this pointer to process all of the TREs between it and...

7.8CVSS6.7AI score0.00143EPSS
Exploits0References34
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-21164

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.20. Difficult ...

2.5CVSS6.4AI score0.00457EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/05/26 4:15 a.m.2 views

CVE-2025-5167

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as problematic. Affected by this vulnerability is the function LWOImporter::GetS0 in the library assimp/code/AssetLib/LWO/LWOLoader.h. The manipulation of the argument out leads to out-of-bounds read. The...

5.5CVSS7.3AI score0.00208EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/22 8:55 p.m.3 views

CVE-2021-28100

Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process...

5.5CVSS6.1AI score0.00259EPSS
Exploits0References1
OSV
OSV
added 2025/04/10 2:15 p.m.4 views

CVE-2023-43035

IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system...

3.3CVSS5.5AI score0.00139EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/03/17 12:0 a.m.5 views

The vulnerability of the nfs_local_read_done() function in the fs/nfs/localio.c module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the nfslocalreaddone function in the fs/nfs/localio.c module of the Linux kernel is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...

7.8CVSS7.3AI score0.00193EPSS
Exploits0References8Affected Software2
Debian CVE
Debian CVE
added 2024/12/29 11:30 a.m.8 views

CVE-2024-56740

In the Linux kernel, the following vulnerability has been resolved: nfs/localio: must clear res.replen in nfslocalreaddone Otherwise memory corruption can occur due to NFSv3 LOCALIO reads leaving garbage in res.replen: - nfs3readdone copies that into server-readhdrsize; from there nfs3procreadset...

7.8CVSS6.4AI score0.00193EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/12/19 12:0 a.m.5 views

PT-2024-28245 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0p23 Checkmk versions prior to 2.2.0p38 Checkmk versions prior to or equal to 2.1.0p49 Description: The issue is related to incorrect permissions on the Checkmk Windows Agent's data directory, allowing a local...

4.8CVSS6.7AI score0.0018EPSS
Exploits0References5
Amazon
Amazon
added 2024/12/12 12:0 a.m.4 views

Medium: apr

Issue Overview: Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APRUSESHMEMSHMGET=1 apr...

5.5CVSS7.5AI score0.00332EPSS
Exploits0
NVD
NVD
added 2024/04/10 5:15 p.m.24 views

CVE-2024-1728

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in t...

7.5CVSS7.7AI score0.85393EPSS
Exploits2References2
Rows per page
Query Builder