Lucene search
K

339 matches found

OSV
OSV
added 2025/09/08 11:35 p.m.6 views

CVE-2025-58755 MONAI has path traversal issue that may lead to arbitrary file writes

MONAI Medical Open Network for AI is an AI toolkit for health care imaging. The extractall function zipfile.extractalloutputdir is used directly to process compressed files. It is used in many places in the project. In versions up to and including 1.5.0, when the Zip file containing malicious...

8.8CVSS6.5AI score0.00568EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2025/09/08 1:31 a.m.4 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8CVSS7.2AI score0.01479EPSS
Exploits4References8
RedHat Linux
RedHat Linux
added 2025/09/08 1:27 a.m.3 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8CVSS7.2AI score0.01479EPSS
Exploits4References8
RedHat Linux
RedHat Linux
added 2025/09/08 1:17 a.m.3 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8CVSS7.2AI score0.01479EPSS
Exploits4References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/07 4:49 p.m.5 views

Malicious code in netmanagement (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9af8bc10bc4f751ad03dbe8257d2d8c49941accbf8b8fe6149d17a457fc56811 The package appears to be a PoC of overwriting "requests" package files. The new "requests/init.py" takes over common requests features and uses the...

6.8AI score
Exploits0References1
OSV
OSV
added 2025/09/07 4:49 p.m.2 views

MAL-2025-191802 Malicious code in netmanagement (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9af8bc10bc4f751ad03dbe8257d2d8c49941accbf8b8fe6149d17a457fc56811 The package appears to be a PoC of overwriting "requests" package files. The new "requests/init.py" takes over common requests features and uses the...

6.7AI score
Exploits0References1
CNNVD
CNNVD
added 2025/09/01 12:0 a.m.3 views

Linenoise 安全漏洞

Linenoise is an application by the individual developer Salvatore Sanfilippo. A security vulnerability exists in Linenoise that stems from a competing condition on history paths that could lead to arbitrary file overwrites and permission changes...

6.8CVSS6.4AI score0.00099EPSS
Exploits0References3
NVD
NVD
added 2025/08/28 9:15 a.m.3 views

CVE-2025-54819

Improper limitation of a pathname to a restricted directory 'Path Traversal' issue exists in SS1 Ver.16.0.0.10 and earlier Media version:16.0.0a and earlier. If this vulnerability is exploited, legitimate files may be overwritten by a remote authenticated attacker...

7.1CVSS0.00425EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/08/26 9:2 p.m.3 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8CVSS7.2AI score0.01479EPSS
Exploits4References8
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.7 views

PT-2025-34096

Name of the Vulnerable Software and Affected Versions Xion Audio Player versions prior to 1.0.126 Description A Unicode-based stack buffer overflow occurs when opening a specially crafted .m3u playlist file. The file contains an excessively long string that overwrites the Structured Exception...

8.4CVSS6.2AI score0.00322EPSS
Exploits0References9
OSV
OSV
added 2025/08/18 4:36 p.m.9 views

CVE-2025-55214 Copier safe template has filesystem write access outside destination path

Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...

6.9CVSS6.7AI score0.00244EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-10773

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted bin keys...

7.8CVSS7.2AI score0.01505EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2025/08/13 3:33 p.m.2 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8CVSS7.2AI score0.01479EPSS
Exploits4References8
RedHat Linux
RedHat Linux
added 2025/08/13 3:25 p.m.2 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8CVSS7.2AI score0.01479EPSS
Exploits4References8
RedHat Linux
RedHat Linux
added 2025/08/12 12:47 a.m.11 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8CVSS7.2AI score0.01479EPSS
Exploits4References8
OSV
OSV
added 2025/08/11 7:40 p.m.6 views

CLSA-2025-1754941200 openssh: Fix of 3 CVEs

CVE-2018-20685: fix a vulnerability scp client where a malicious server could bypass intended access restrictions and modify target directory permissions via crafted filenames - CVE-2019-6109: fix scp client where a malicious server could manipulate the client's progress display output due to...

6.8CVSS7AI score0.58204EPSS
Exploits9References1
OSV
OSV
added 2025/08/11 7:21 p.m.7 views

CLSA-2025-1754940060 Fix CVE(s): CVE-2025-27613, CVE-2025-27614, CVE-2025-46835

SECURITY UPDATE: multiple vulnerabilities in Gitk and Git GUI - debian/patches/CVE-2025-27614CVE-2025-27613CVE-2025-46835.patch: Prevent script execution via specially crafted filenames in Gitk. Sanitize filename handling to avoid unintended file creation/truncation. Validate directory names in G...

8.6CVSS5.9AI score0.00314EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/08/11 7:49 a.m.4 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8CVSS7.2AI score0.01479EPSS
Exploits4References8
Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.2 views

CBL Mariner 2.0 Security Update: vim (CVE-2025-53905)

The version of vim installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-53905 advisory. - Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim's...

4.1CVSS6.6AI score0.00242EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/08/02 12:0 a.m.9 views

Traefik 安全漏洞

Traefik is an open source reverse proxy and load balancing tool from Traefik Open Source. A security vulnerability exists in Traefik versions 2.11.27 and earlier, 3.0.0 through 3.4.4, and 3.5.0-rc1, which stems from a path traversal in the WASM plugin installation mechanism that could lead to...

9.8CVSS6.4AI score0.01071EPSS
Exploits0References6
Rows per page
Query Builder