Lucene search
+L

219 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-29749

Malicious code in bioql PyPI...

7.8CVSS6.6AI score0.00164EPSS
Exploits1References1
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-51439

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00165EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-50654

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.00392EPSS
Exploits2References2
ptsecurity
ptsecurity
added 2025/10/03 12:0 a.m.4 views

PT-2025-40603

Name of the Vulnerable Software and Affected Versions Anyquery versions 0.4.3 and below Description Anyquery is an SQL query engine built on top of SQLite. Attackers who have gained access to localhost, even with low privileges, can use the http server through the port unauthenticated and access...

7.7CVSS7.3AI score0.00143EPSS
Exploits0References9
redhatcve
redhatcve
added 2025/09/19 5:33 p.m.6 views

CVE-2025-58432

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v21/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT...

7.8CVSS7AI score0.00164EPSS
Exploits1References1
cvelist
cvelist
added 2025/09/17 5:31 p.m.12 views

CVE-2025-58432 ZimaOS Privilege Escalation using localhost calls to File API Upload

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v21/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT...

6.7CVSS0.00164EPSS
Exploits1References1
cve
cve
added 2025/09/17 5:31 p.m.20 views

CVE-2025-58432

ZimaOS (a CasaOS fork for Zima devices and x86-64 with UEFI) contains a local privilege-escalation flaw in the /v2_1/files/file/uploadV2 API. In versions before and including 1.4.1, any user with localhost access can upload files via this endpoint and have them executed with root privileges, enab...

7.8CVSS6.6AI score0.00164EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2025/09/17 5:31 p.m.5 views

CVE-2025-58432 ZimaOS Privilege Escalation using localhost calls to File API Upload

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v21/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT...

6.7CVSS6.6AI score0.00164EPSS
Exploits1References1
osv
osv
added 2025/09/17 5:31 p.m.6 views

CVE-2025-58432 ZimaOS Privilege Escalation using localhost calls to File API Upload

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v21/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT...

6.7CVSS7AI score0.00164EPSS
Exploits1References3
cvelist
cvelist
added 2025/09/17 5:25 p.m.13 views

CVE-2025-58431 ZimaOS reads arbitrary files using localhost calls to File API Download

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v21/files/file/download endpoint allows file read from ANY USER who has access to localhost. File reads are performed AS ROOT...

6.1CVSS0.00191EPSS
Exploits1References1
osv
osv
added 2025/09/17 5:25 p.m.5 views

CVE-2025-58431 ZimaOS reads arbitrary files using localhost calls to File API Download

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v21/files/file/download endpoint allows file read from ANY USER who has access to localhost. File reads are performed AS ROOT...

6.1CVSS6.8AI score0.00191EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2025/09/17 12:0 a.m.6 views

PT-2025-38236

Name of the Vulnerable Software and Affected Versions: ZimaOS versions prior to 1.4.2 Description: ZimaOS, a fork of CasaOS, is susceptible to a file read issue. The /v2 1/files/file/download API endpoint allows unauthorized file access from any user with localhost access. File reads are executed...

6.1CVSS6.4AI score0.00191EPSS
Exploits1References3
cnnvd
cnnvd
added 2025/09/17 12:0 a.m.5 views

ZimaOS 安全漏洞

ZimaOS is an open source operating system project from IceWhaleTech designed to provide a lightweight, high-performance, secure operating system environment. A security vulnerability exists in ZimaOS 1.4.1 and earlier versions that originates in the /v21/files/file/uploadV2 endpoint that allows a...

7.8CVSS6.8AI score0.00164EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2025/09/17 12:0 a.m.8 views

PT-2025-38241

Name of the Vulnerable Software and Affected Versions: ZimaOS versions prior to 1.4.1 Description: ZimaOS, a fork of CasaOS, is susceptible to a file upload issue. The /v2 1/files/file/uploadV2 API endpoint permits file uploads from any user with localhost access, and these uploads are executed...

6.7CVSS6.7AI score0.00164EPSS
Exploits1References3
cvelist
cvelist
added 2025/08/25 9:48 p.m.9 views

CVE-2025-57814 request-filtering-agent SSRF Bypass via HTTPS Requests

request-filtering-agent is an https.Agent implementation that blocks requests to Private/Reserved IP addresses. Versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are correctly blocked. This allows attackers to...

6.9CVSS0.00427EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/08/25 9:48 p.m.1 views

CVE-2025-57814 request-filtering-agent SSRF Bypass via HTTPS Requests

request-filtering-agent is an https.Agent implementation that blocks requests to Private/Reserved IP addresses. Versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are correctly blocked. This allows attackers to...

6.9CVSS7.1AI score0.00427EPSS
Exploits0References2
cve
cve
added 2025/08/25 9:48 p.m.23 views

CVE-2025-57814

CVE-2025-57814 affects the http(s).Agent implementation in request-filtering-agent. Vulnerability: HTTPS requests to 127.0.0.1 bypass IP filtering, allowing potential access to internal HTTPS services and bypass of SSRF protection when user-supplied URLs are used. HTTP requests are blocked as int...

6.9CVSS6.5AI score0.00427EPSS
Exploits0References2
osv
osv
added 2025/08/25 9:48 p.m.10 views

GHSA-PW25-C82R-75MM request-filtering-agent SSRF Bypass via HTTPS Requests to 127.0.0.1

request-filtering-agent versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are correctly blocked. Impact: Vulnerable patterns requests that should be blocked but are allowed: - https://127.0.0.1:443/api -...

6.9CVSS6.4AI score0.00427EPSS
Exploits0References4
cve
cve
added 2025/08/14 3:2 p.m.21 views

CVE-2025-8964

CVE-2025-8964 affects code-projects’ Hostel Management System 1.0, specifically the Login component via the hostel_manage.exe file. The vulnerability is described as improper authentication, enabling a local-host attack. The PT-2025-33299 entry confirms the issue and states the exploit has been p...

7.8CVSS7AI score0.0026EPSS
Exploits1References7Affected Software1
veracode
veracode
added 2025/08/11 6:35 a.m.5 views

Server-Side Request Forgery (SSRF)

webfinger.js is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient restriction on localhost access because the lookup function fails to block requests to local or internal network services, allowing attackers to craft requests targeting internal resources...

6.9CVSS7AI score0.006EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder