Lucene search
+L

102 matches found

CNNVD
CNNVD
added 2025/12/04 12:0 a.m.4 views

Laravel File Manager 安全漏洞

Laravel File Manager is a Laravel file manager by Aleksandr Manekin Personal Developer. A security vulnerability exists in Laravel File Manager 3.3.1 and earlier versions, which stems from the unzip function not adequately validating the extraction path, potentially leading to a directory travers...

9.1CVSS6.5AI score0.00894EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/08 12:0 a.m.13 views

PT-2025-45544

Name of the Vulnerable Software and Affected Versions WPFunnels plugin for WordPress versions up to and including 3.6.2 Description The WPFunnels plugin for WordPress has a flaw that allows authenticated attackers with Administrator-level access or higher to delete arbitrary files on the server...

6.5CVSS7.4AI score0.00716EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/10/29 7:36 p.m.3 views

CVE-2025-11202 win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability

win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists...

9.8CVSS7.7AI score0.02878EPSS
Exploits0References2
OSV
OSV
added 2025/10/29 7:36 p.m.6 views

CVE-2025-11202 win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability

win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists...

9.8CVSS7.8AI score0.02878EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/06 5:16 a.m.3 views

CVE-2025-57781

The installers of DENSO TEN drive recorder viewer contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4CVSS7AI score0.0015EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/06 5:16 a.m.13 views

CVE-2025-57781

The installers of DENSO TEN drive recorder viewer contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4CVSS0.0015EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/06 12:0 a.m.6 views

PT-2025-40850

Name of the Vulnerable Software and Affected Versions DENSO TEN drive recorder viewer affected versions not specified Description The installers for the software contain a flaw in how they handle Dynamic Link Library DLL search paths. This can result in the loading of insecure DLLs, potentially...

8.4CVSS7.8AI score0.0015EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/09/12 1:2 a.m.2 views

CVE-2025-10275 YunaiV yudao-cloud transfer improper authorization

A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The attack may be launched remotely. The exploit has been made availab...

6.5CVSS6.2AI score0.00296EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/05 12:0 a.m.8 views

TkEasyGUI 代码问题漏洞

TkEasyGUI is a GUI library in Python by the individual developer kujirahand. A code issue vulnerability exists in TkEasyGUI versions prior to 1.0.22, which stems from improper control of the search path element and could allow execution of arbitrary code with program run privileges...

8.5CVSS7.9AI score0.0015EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/29 12:0 a.m.5 views

Harness 安全漏洞

Harness is a development platform open-sourced by Harness. A security vulnerability exists in Harness versions prior to 3.3.0, which stems from an improperly cleaned upload path that could lead to arbitrary file writes...

8.8CVSS6.5AI score0.00534EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2023-49084

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. While using the detected SQL Injection and...

8.8CVSS7.8AI score0.63774EPSS
Exploits4References2
OSV
OSV
added 2025/08/09 8:15 p.m.9 views

CVE-2025-8773

A vulnerability, which was classified as critical, was found in Dinstar Monitoring Platform 甘肃省危险品库监控平台 1.0. Affected is an unknown function of the file /itc/$%7BappPath%7D/logingetPasswordErrorNum.action. The manipulation of the argument userBean.loginName leads to sql injection. It is possible ...

9.8CVSS5.7AI score0.0061EPSS
Exploits1References4
Snyk
Snyk
added 2025/06/23 3:40 p.m.3 views

Server-side Request Forgery (SSRF)

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via insufficient validation of th...

6.9CVSS7.2AI score0.0037EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/22 1:17 p.m.8 views

CVE-2024-12217

A vulnerability in the gradio-app/gradio repository, version git 67e4044, allows for path traversal on Windows OS. The implementation of the blockedpath functionality, which is intended to disallow users from reading certain files, is flawed. Specifically, while the application correctly blocks...

5.3CVSS6.8AI score0.0064EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/11/20 12:0 a.m.9 views

The vulnerability of Dream Report and AVEVA Reports for Operations, which are used for generating production reports and analytics, stems from errors in processing the relative path to the catalog. This allows an attacker to execute arbitrary code.

The vulnerability of Dream Report and AVEVA Reports for Operations, which are used for generating production reports and analytics, is related to errors in processing the relative path to the catalog. Exploiting this vulnerability could allow an attacker to execute arbitrary code by loading a...

7.8CVSS6AI score0.00302EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/07/24 12:0 a.m.16 views

The vulnerability affects the file function /tmp/out of the Tesseract component of the software suite for processing, transforming, and generating Ghostscript documents. This vulnerability allows an attacker to gain unauthorized access to protected information.

The vulnerability of the software for processing, transforming, and generating Ghostscript documents is related to incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through...

7.8CVSS6.4AI score0.01137EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2024/06/05 7:15 p.m.7 views

CVE-2024-36670

idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF via the component admin/vpsClassdeal.php?mudi=del...

8.8CVSS5.8AI score0.00289EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2024/01/22 12:0 a.m.9 views

The vulnerability of the NEXO-OS operating system in the Bosch Nexo cordless nutrunner and Bosch Nexo special cordless nutrunner tools for installation work in production lines allows a hacker to load arbitrary files and execute arbitrary codes.

The vulnerability of the NEXO-OS operating system for tools used in production line assembly work, such as the Bosch Nexo cordless nutrunner and the Bosch Nexo special cordless nutrunner, is related to an incorrect limitation on the path name to the restricted access catalog. Exploiting this...

9CVSS8AI score0.01088EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2023/12/23 2:38 a.m.5 views

SUSE CVE-2023-49084

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...

8.8CVSS8.8AI score0.63774EPSS
Exploits4References4
RedHat Linux
RedHat Linux
added 2023/08/01 9:30 a.m.8 views

openssh: Remote code execution in ssh-agent PKCS#11 support

A vulnerability was found in OpenSSH. The PKCS11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system the code in /usr/lib is not necessarily safe for loading into ssh-agent...

9.8CVSS8.1AI score0.76768EPSS
Exploits10References5
Rows per page
Query Builder