Lucene search
K

13 matches found

CNNVD
CNNVD
added 2026/01/29 12:0 a.m.8 views

TP-Link VX800v security vulnerability

The TP-Link VX800v is a VoIP gateway produced by the TP-Link company. The TP-Link VX800v 1.0 version has a security vulnerability. This vulnerability stems from improper parsing of USB HTTP access path links, which may allow custom USB devices to expose the contents of the root file system...

5.1CVSS5.8AI score0.00188EPSS
Exploits0References3
NVD
NVD
added 2025/11/14 7:16 p.m.4 views

CVE-2025-63680

Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...

8.6CVSS0.00267EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/14 12:0 a.m.3 views

CVE-2025-63680

Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...

7.5AI score0.00267EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/11/14 12:0 a.m.9 views

CVE-2025-63680

Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...

0.00267EPSS
Exploits1References1
CVE
CVE
added 2025/11/14 12:0 a.m.16 views

CVE-2025-63680

Nero BackItUp (Nero Productline) is affected by a path parsing/UI rendering flaw (CWE-22) that, in conjunction with Windows ShellExecuteW fallback extension resolution, enables arbitrary code execution when a user clicks a crafted entry. The mechanism: create a trailing-dot folder and place a scr...

8.6CVSS7.5AI score0.00267EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/03 12:0 a.m.3 views

PT-2025-50994

Name of the Vulnerable Software and Affected Versions macOS Sonoma versions prior to 14.8.3 macOS Tahoe versions prior to 26.1 macOS Sequoia versions prior to 15.7.3 Description A flaw exists in how the operating system parses directory paths. This could allow an application to access sensitive...

5.5CVSS6.4AI score0.00192EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/11/03 12:0 a.m.2 views

PT-2025-44830

Name of the Vulnerable Software and Affected Versions macOS versions prior to Sonoma 14.8.2 macOS versions prior to Sequoia 15.7.2 Description A flaw exists in how the operating system parses directory paths. This could allow an application to access sensitive user data due to insufficient path...

5.5CVSS6.3AI score0.002EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/09/07 12:45 a.m.7 views

CVE-2025-58362

Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. The original implementation relie...

7.5CVSS6.6AI score0.00498EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/04 11:56 p.m.7 views

CVE-2025-58362 Hono contains a flaw in URL path parsing, potentially leading to path confusion

Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. The original implementation relie...

7.5CVSS0.00498EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/04 11:56 p.m.2 views

CVE-2025-58362 Hono contains a flaw in URL path parsing, potentially leading to path confusion

Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. The original implementation relie...

7.5CVSS6AI score0.00498EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/03 12:0 a.m.4 views

PT-2025-36105

Name of the Vulnerable Software and Affected Versions: Hono versions 4.8.0 through 4.9.5 Description: Hono is a Web application framework that provides support for any JavaScript runtime. A flaw exists in the getPath utility function that could allow path confusion and potential bypass of...

7.5CVSS6.2AI score0.00498EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2025/05/14 1:56 a.m.5 views

firefox: thunderbird: Unsafe attribute access during XPath parsing

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access an...

4.8CVSS7.3AI score0.00267EPSS
Exploits0References9
OSV
OSV
added 2018/08/15 5:29 p.m.6 views

CVE-2018-10917

pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories...

6.5CVSS5.8AI score0.01067EPSS
Exploits0References2
Rows per page
Query Builder