
147 matches found

RedhatCVE
added 2025/05/23 1:04 a.m. · 7 views

CVE-2022-28147

A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVSS 4.3 · AI score 6.5 · EPSS 0.00719
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 11:13 p.m. · 22 views

CVE-2022-36918

Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVSS 4.3 · AI score 6.6 · EPSS 0.0047
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 9:53 p.m. · 11 views

CVE-2022-36908

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload an SSH key file from the Jenkins controller file system to an...

CVSS 6.5 · AI score 6.8 · EPSS 0.00463
Exploits 0 · References 1
OSV
added 2025/05/15 4:15 p.m. · 11 views

CVE-2025-48050

In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script...

CVSS 7.5 · AI score 7.2
Exploits 0 · References 4
OSV
added 2025/04/21 9:51 p.m. · 4 views

CLSA-2025-1745272309 ghostscript: Fix of 2 CVEs

- CVE-2024-33869: fix path traversal and command execution vulnerability in base/gpmisc.c
- CVE-2024-33870: fix path traversal vulnerability to prevent unauthorized access to arbitrary files by restricting access to permitted paths...

CVSS 6.3 · AI score 6.8 · EPSS 0.00515
Exploits 0 · References 1
CVE
added 2025/04/03 1:27 p.m. · 44 views

CVE-2025-31554

Docxpresso (WordPress plugin) CVE-2025-31554: Path traversal allows arbitrary file download in Docxpresso versions up to 2.6. Root cause is improper pathname limitation. Exploitation status not detailed in provided docs; Patch status is Unpatched as of the Connected Wordfence listing. Affected: D...

CVSS 5.9 · AI score 7.2 · EPSS 0.00417
Exploits 0 · References 1
Positive Technologies
added 2025/02/12 12:00 a.m. · 6 views

PT-2025-6427 · WordPress · Aforms Eats

Name of the Vulnerable Software and Affected Versions: AForms Eats plugin for WordPress versions up to, and including, 1.3.1
Description: The issue is related to Full Path Disclosure, which occurs due to the /vendor/aura/payload-interface/phpunit.php file being publicly accessible and displaying...

CVSS 5.3 · AI score 9.3 · EPSS 0.00385
Exploits 0 · References 10
Vulnrichment
added 2025/01/27 8:54 a.m. · 10 views

CVE-2024-52012 Apache Solr: Configset upload on Windows allows arbitrary path write-access

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...

AI score 5.7 · EPSS 0.43312
Exploits 0 · References 1
Cvelist
added 2025/01/27 8:54 a.m. · 18 views

CVE-2024-52012 Apache Solr: Configset upload on Windows allows arbitrary path write-access

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...

EPSS 0.43312
Exploits 0 · References 1
CNNVD
added 2025/01/14 12:00 a.m. · 3 views

Gradio authorization issue vulnerability

Gradio, an open source Python library from Gradio Open Source, is a method for demonstrating machine learning models through a friendly web interface. An authorization issue vulnerability exists in Gradio versions prior to 5.6.0 that stems from a lack of normalization of the path validation logic...

CVSS 8.7 · AI score 6.4 · EPSS 0.00836
Exploits 1 · References 2
OSV
added 2024/12/13 8:59 p.m. · 6 views

GO-2024-3293 Full access to the host's OS file system using osfs.FS with Router.Static in goyave.dev/goyave/v5

Static file serving using router.Static and osfs.FS allows clients to access any file on the host file system using relative paths because the requested path is not sanitized and "." and ".." segments are accepted. The files will be returned as a response, provided the system user running the Go...

AI score 6.9
Exploits 0 · References 2
OSV
added 2024/12/13 1:18 p.m. · 3 views

OESA-2024-2546 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: Inconsistent...

CVSS 5.3 · AI score 6.9 · EPSS 0.01043
Exploits 0 · References 2
CNNVD
added 2024/12/03 12:00 a.m. · 4 views

SAMSUNG mobile security vulnerability

SAMSUNG mobile is a cell phone from Samsung South Korea. A security vulnerability exists in SAMSUNG mobile prior to SMR-Dec-2024 Release 1, which originates from the use of an alternate path to bypass authentication and allow a physical attacker to temporarily access the recent applications list...

CVSS 2.4 · AI score 6.5 · EPSS 0.0022
Exploits 0 · References 1
SUSE CVE
added 2024/11/29 3:48 a.m. · 3 views

SUSE CVE-2024-53008

Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by an ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive...

CVSS 6.5 · AI score 6.9 · EPSS 0.01043
Exploits 0 · References 6
Cvelist
added 2024/05/10 4:19 p.m. · 13 views

CVE-2024-34245

An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtmljsaction.php...

AI score 6.6 · EPSS 0.00818
Exploits 1 · References 1
CNNVD
added 2024/05/07 12:00 a.m. · 2 views

Logpoint security vulnerability

Logpoint is a network security application from the Danish company Logpoint. A security vulnerability exists in Logpoint versions prior to 7.4.0 that stems from the ability to view the contents of a specified file in incoming logs when an arbitrary file path is used in the file system collector...

CVSS 6.5 · AI score 6.6 · EPSS 0.00446
Exploits 0 · References 3
CNNVD
added 2024/03/26 12:00 a.m. · 2 views

AutomationDirect C-MORE EA9 HMI path traversal vulnerability

The AutomationDirect C-MORE EA9 HMI is a touchscreen from AutomationDirect, Inc. A path traversal vulnerability exists in the AutomationDirect C-MORE EA9 HMI that stems from improperly sanitized content, allowing an attacker to perform path traversal over a URL...

CVSS 7.5 · AI score 6.8 · EPSS 0.00618
Exploits 0 · References 2
OSV
added 2024/02/20 2:15 a.m. · 2 views

UBUNTU-CVE-2024-21890

The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/. This misleading documentation affects all users...

CVSS 6.5 · AI score 6.9 · EPSS 0.00945
Exploits 0 · References 4
CNNVD
added 2024/02/15 12:00 a.m. · 4 views

FreeBSD Security Vulnerabilities

FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A security vulnerability exists in FreeBSD that originates from not restricting an add-in's access to , allowing the add-in to read any file that the host user is authorized to access...

CVSS 6.3 · AI score 6.6 · EPSS 0.00506
Exploits 0 · References 3
Positive Technologies
added 2024/02/14 12:00 a.m. · 5 views

PT-2024-1817 · Freebsd · Bhyveload +1

Name of the Vulnerable Software and Affected Versions: bhyveload versions prior to the fixed version
Description: The issue is related to the bhyveload module in FreeBSD, which is associated with incorrect restriction of the host-path directory name with limited access. This could allow a remote...

CVSS 7.8 · AI score 7.2 · EPSS 0.00506
Exploits 0 · References 7