Lucene search
+L

372 matches found

EUVD
EUVD
added 2026/01/26 9:53 p.m.6 views

EUVD-2026-4656

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of nodemodules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal...

6.5CVSS5.9AI score0.00438EPSS
Exploits1References3
Snyk
Snyk
added 2026/01/26 9:2 p.m.4 views

Relative Path Traversal

Overview @pnpm/package-bins is a that returns bins of a package. Affected versions of this package are vulnerable to Relative Path Traversal via the commandsFromBin function when performing bin name validation and normalization. An attacker can create or overwrite arbitrary files outside the...

7.4CVSS6AI score0.00438EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.12 views

Siri Shortcuts MCP Server: Operating System Command Injection Vulnerability

Siri Shortcuts MCP Server is a tool developed by David as an integrated voice assistant and a context-based protocol server for large models. The Siri Shortcuts MCP Server has a vulnerability related to operating system command injection, which stems from insufficient validation of the shortcutNa...

7.8CVSS7.3AI score0.00658EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.8 views

Containerization security vulnerabilities

Containerization is an open-source Swift container package developed by Apple. There is a security vulnerability in Containerization, which stems from the lack of path name validation before extracting archived members. This vulnerability may allow files to be extracted to any writable location b...

7.8CVSS5.8AI score0.00244EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.8 views

Bdtask Isshue Cross-Site Script Vulnerability

Bdtask Isshue is a multi-store e-commerce shopping cart software developed by Bdtask Inc. Bdtask Isshue has a cross-site scripting vulnerability. This vulnerability stems from insufficient validation of the productname parameter in POST requests sent to /categoryproductsearch, which may lead to...

5.1CVSS5.7AI score0.00262EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 7 : java-11-openjdk-11.0.20.0.8-1.el7 (AXSA:2023-6250:13)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6250:13 advisory. OpenJDK: ZIP file parsing infinite loop 8302483 CVE-2023-22036 OpenJDK: weakness in AES implementation 8308682 CVE-2023-22041 OpenJDK: improper...

7.5CVSS8.1AI score0.01812EPSS
Exploits0References7
MariaDBUnix
MariaDBUnix
added 2025/12/23 9:40 p.m.8 views

CVE-2025-13699

Disclaimer: This data contains information about vulnerable...

7CVSS7AI score0.00414EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/12/23 9:40 p.m.8 views

CVE-2025-13699

MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors m...

7CVSS7.1AI score0.00414EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/20 12:13 a.m.16 views

CVE-2025-67844

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...

5CVSS6.8AI score0.00368EPSS
Exploits1References1
NVD
NVD
added 2025/12/19 2:16 a.m.10 views

CVE-2025-67844

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...

5CVSS0.00368EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/12/16 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-40362

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ceph: fix multifs mds auth caps issue The mds auth caps check should also validate the fsname along with the associated caps. Not doing so would result in...

6.1AI score0.0025EPSS
Exploits0References3
OSV
OSV
added 2025/12/15 7:37 p.m.10 views

GO-2025-4218 memos lacks file name validation or verification in github.com/usememos/memos

memos lacks file name validation or verification in github.com/usememos/memos...

4.3CVSS6.9AI score0.00185EPSS
Exploits1References7
Veracode
Veracode
added 2025/12/13 4:40 a.m.13 views

Path Traversal

io.github.wwwlike, vlife-base is vulnerable to Path Traversal. The vulnerability is due to improper validation of the fileName argument in the create function of SysFileApi.java, which allows a remote attacker to manipulate file paths and perform unauthorized file access via path traversal...

6.9CVSS6.1AI score0.00579EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2025/12/12 12:0 a.m.16 views

CVE-2025-67819

CVE-2025-67819 affects Weaviate OSS up to version 1.33.4. The issue is caused by lack of validation of the fileName field in the transfer logic, enabling an attacker who can invoke the GetFile method while a shard is in the “Pause file activity” state and the FileReplicationService is reachable t...

4.9CVSS6.5AI score0.00435EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/12/08 6:30 p.m.7 views

EUVD-2025-201721

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...

4.3CVSS6.6AI score0.00185EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2025/12/08 6:30 p.m.11 views

memos lacks file name validation or verification

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...

4.3CVSS7.1AI score0.00185EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2025/12/08 6:30 p.m.5 views

GHSA-QGJP-5G5X-VHQ2 memos lacks file name validation or verification

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...

4.3CVSS7AI score0.00185EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/12/08 12:0 a.m.7 views

PT-2025-49571

Name of the Vulnerable Software and Affected Versions usememos memos version 0.25.2 Description A missing check on file names in the Attachment service allows attackers to perform a path traversal attack. This impacts the usememos memos software. Recommendations Update to a newer version that...

4.3CVSS6.6AI score0.00185EPSS
Exploits1References7
CVE
CVE
added 2025/12/08 12:0 a.m.12 views

CVE-2025-65799

The CVE-2025-65799 entry refers to usememos memos v0.25.2 lacking file name validation in the Attachment service, enabling path traversal. Affected component: github.com/usememos/memos/server/router/api/v1 (Attachment handling). Root cause: missing validation/verification of uploaded file names l...

4.3CVSS6.7AI score0.00185EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/12/08 12:0 a.m.12 views

CVE-2025-65799

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...

4.3CVSS7AI score0.00185EPSS
Exploits1References4
Rows per page
Query Builder