122 matches found

OSV
added 2025/12/29 7:15 p.m., 7 views

CVE-2025-14728

Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers that allows a rogue client to upload a file which is written outside the datastore directory. Velociraptor is normally only allowed to write in the datastore directory. The issue occurs due to...

CVSS 6.8 | AI score 5.6 | EPSS 0.00471
Exploits: 1 | References: 1

Cvelist
added 2025/12/29 7:4 p.m., 27 views

CVE-2025-14728 Rapid7 Velociraptor Directory Traversal Vulnerability

Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers that allows a rogue client to upload a file which is written outside the datastore directory. Velociraptor is normally only allowed to write in the datastore directory. The issue occurs due to...

CVSS 6.8 | EPSS 0.00471
Exploits: 1 | References: 1

Tenable Nessus
added 2025/12/09 12:0 a.m., 7 views

Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2025-1317)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1317 advisory. wcurl path traversal with percent-encoded slashes: URLs containing percent-encoded slashes (/ or \) can trick wcurl into saving the output file outside of the current directory without the user explicitly...

CVSS 4.6 | AI score 6 | EPSS 0.00302
Exploits: 0 | References: 4

Amazon
added 2025/12/08 12:0 a.m., 6 views

Medium: curl

Issue Overview: wcurl path traversal with percent-encoded slashes: URLs containing percent-encoded slashes (/ or \) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it (CVE-2025-11563). Affected Packages: curl. Issue Correction: Run dnf...

CVSS 4.6 | AI score 6.6 | EPSS 0.00302
Exploits: 0

SUSE Linux
added 2025/11/24 7:54 a.m., 3 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc1253757). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...

CVSS 6.5 | AI score 7 | EPSS 0.00302
Exploits: 0 | References: 4

EUVD
added 2025/11/10 9:30 p.m., 5 views

EUVD-2025-50804

BusyBox wget through 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape (METHOD SP request-target SP HTTP/1.1), a raw spac...

AI score 6.4 | EPSS 0.00258
Exploits: 1 | References: 4

OSV
added 2025/11/10 8:15 p.m., 2 views

UBUNTU-CVE-2025-60876

BusyBox wget through 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape (METHOD SP request-target SP HTTP/1.1), a raw spac...

CVSS 6.5 | AI score 7.1 | EPSS 0.00258
Exploits: 1 | References: 7

Debian CVE
added 2025/11/10 12:0 a.m., 4 views

CVE-2025-60876

BusyBox wget through 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape (METHOD SP request-target SP HTTP/1.1), a raw spac...

CVSS 6.5 | AI score 7.2 | EPSS 0.00258
Exploits: 1

OSV
added 2025/10/29 1:31 p.m., 5 views

CLSA-2025-1761744708 git: Fix of CVE-2024-50349

CVE-2024-50349: fix issue where URLs can obfuscate the host asking for credentials, by using strbuf_add_percentencode to sanitise the host name and port...

CVSS 4.7 | AI score 7 | EPSS 0.00643
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2016-7261

Malware in sbrugna...

CVSS 6.1 | AI score 6.6 | EPSS 0.01122
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2016-9467

Malware in sbrugna...

CVSS 9.8 | AI score 7 | EPSS 0.0467
Exploits: 0 | References: 17

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-0231

Malware in sbrugna...

CVSS 7.8 | AI score 7.6 | EPSS 0.03288
Exploits: 0 | References: 8

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2016-1371

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.05596
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-25724

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 6.3 | EPSS 0.00181
Exploits: 0 | References: 5

CVE
added 2025/09/21 9:0 a.m., 25 views

CVE-2025-6544

CVE-2025-6544 affects h2oai/h2o-3 up to version 3.46.0.8. The issue is a deserialization vulnerability that enables an attacker to read arbitrary system files and execute arbitrary code. Root cause: improper handling of JDBC connection parameters, exploitable via bypassing regular expression chec...

CVSS 9.8 | AI score 9.5 | EPSS 0.00839
Exploits: 1 | References: 2 | Affected Software: 1

Tenable Nessus
added 2025/08/24 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2019-16393

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. CVE-2019-16393 Note that Nessus...

CVSS 6.1 | AI score 7 | EPSS 0.011
Exploits: 0 | References: 2

SUSE CVE
added 2025/03/05 2:30 a.m., 5 views

SUSE CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied...

CVSS 4.4 | AI score 6.6 | EPSS 0.00384
Exploits: 2 | References: 50

GithubExploit
added 2024/12/18 4:3 p.m., 230 views

Exploit for Cross-site Scripting in Ruoyi

Authenticated SQL Injection in RuoYi v4.7.9 Bypass of CVE-202...

CVSS 6.1 | AI score 8.4 | EPSS 0.00341
Exploits: 3

OSV
added 2024/01/30 4:15 p.m., 6 views

DEBIAN-CVE-2024-1019

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

CVSS 8.6 | AI score 7.8 | EPSS 0.00682
Exploits: 0 | References: 1

Oracle linux
added 2023/11/03 12:0 a.m., 34 views

squid security update

7:5.5-5.el92.1: Improve HTTP chunked encoding compliance (CVE-2023-46846); Fix stack buffer overflow when parsing Digest Authorization (CVE-2023-46847); Fix userinfo percent-encoding (CVE-2023-46848)...

AI score 7.9 | EPSS 0.85944
Exploits: 0