Lucene search
+L

146 matches found

RedhatCVE
RedhatCVE
added 2025/12/10 7:22 p.m.7 views

CVE-2025-11531

HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with HP System Event Utility version 3.2.12 and Omen Gaming Hub version 1101.2511.101.0...

4.8CVSS7.1AI score0.00346EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 6:29 p.m.20 views

CVE-2025-11531

The CVE describes a vulnerability in HP System Event Utility and HP Omen Gaming Hub where certain files could be executed outside restricted paths, potentially enabling arbitrary code execution. Affected software: HP System Event Utility versions before 3.2.12 and Omen Gaming Hub versions before ...

8.8CVSS6.7AI score0.00346EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2025/12/09 6:29 p.m.30 views

CVE-2025-11531 HP System Event Utility and Omen Gaming Hub – Potential Arbitrary Code Execution

HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with HP System Event Utility version 3.2.12 and Omen Gaming Hub version 1101.2511.101.0...

4.8CVSS0.00346EPSS
Exploits0References1
NVD
NVD
added 2025/12/03 5:15 p.m.6 views

CVE-2024-32643

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, if the URL to the page is modified to include a /tag/ declaration, the CMS will render the page regardless of group restrictions. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6...

7.5CVSS0.00318EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/11/19 8:3 p.m.10 views

Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values

A mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI to determine which route to render, while the middleware uses context.url.pathname without applying the...

6.9CVSS6.5AI score0.00514EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/11/18 9:15 a.m.10 views

CVE-2025-40549

A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences ...

9.1CVSS6AI score0.01052EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.3 views

SolarWinds Serv-U 15.5.3 Multiple Vulnerabilities

The version of SolarWinds Serv-U installed on the remote host is prior to 15.5.3. It is, therefore, affected by multiple vulnerabilities as referenced in the solarwindsserv-u1553 advisory. - A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor wi...

9.1CVSS6.3AI score0.01052EPSS
Exploits1References6
Veracode
Veracode
added 2025/11/13 6:52 a.m.9 views

Improper Input Validation

github.com/opencontainers/runc is vulnerable to improper input validation. The vulnerability is due to insufficient verification of the bind-mount source /dev/null, which allows an attacker to exploit it via arbitrary mount manipulation, leading to host information disclosure, denial of service,...

7.8CVSS8AI score0.0067EPSS
Exploits2References7Affected Software2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-12231

Malicious code in bioql PyPI...

9.3CVSS3.6AI score0.00829EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/09/30 12:0 a.m.8 views

NewStart CGSL MAIN 6.06 : perl Multiple Vulnerabilities (NS-SA-2025-0211)

The remote NewStart CGSL host, running version MAIN 6.06, has perl packages installed that are affected by multiple vulnerabilities: - Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count...

9.8CVSS7.8AI score0.62202EPSS
Exploits22References35
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2017-1002153

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission. CVE-2017-1002153 Note that Nessus...

7.5CVSS7.1AI score0.01142EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/04 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-43415

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission...

8.8CVSS7AI score0.01182EPSS
Exploits0References2
OSV
OSV
added 2025/08/18 4:44 p.m.6 views

CVE-2025-55282 aiven-db-migrate allows Privilege Escalation via unrestricted search_path during migration

aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows a user to elevate to superuser inside PostgreSQL databases during a migration from an untrusted source server. By exploiting a lack of searchpath restriction, an attacke...

9.1CVSS7.1AI score0.00675EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-2454

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - schemaelement defeats protective searchpath changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated...

7.2CVSS7AI score0.0119EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-1757

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final,...

8.1CVSS7.2AI score0.01584EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2025/08/08 7:50 p.m.12 views

K000152931: Multiple PostgreSQL vulnerabilities

Security Advisory Description CVE-2023-2455 Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other...

8.8CVSS7.8AI score0.04322EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/07/28 1:56 p.m.9 views

tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources

A flaw has been discovered in path handling logic in Apache Tomcat. When using either PreResources or PostResources mounted on a non-root path, it is possible to access resources via an unexpected path. This may result in leaking of files on those paths...

7.5CVSS7.1AI score0.03163EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2025/05/05 12:0 a.m.6 views

The vulnerability of the cross-platform integrated development environment JetBrains Rider, related to bypassing the relative path, allows a malicious user to gain read, modify, or delete access to data.

The vulnerability of the cross-platform integrated software development environment JetBrains Rider is related to the exploitation of a relative path. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain read, modify, or delete access to data...

5.5CVSS5.4AI score0.00321EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/01/14 7:15 p.m.7 views

PYSEC-2025-118

Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List ACL for file paths can be bypassed by altering the letter case of a blocked file or directory path. This...

7.5CVSS5.8AI score0.0085EPSS
Exploits1References1
Snyk
Snyk
added 2024/12/13 7:3 a.m.5 views

Directory Traversal

Overview spatie/browsershot is a library for converting a webpage to an image or pdf using headless Chrome. Affected versions of this package are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\. An attacker could read...

8.7CVSS7.6AI score0.00923EPSS
Exploits0References2
Rows per page
Query Builder