Lucene search
+L

4 matches found

OSV
OSV
added 3 days ago3 views

CVE-2026-15699 spencermountain compromise Public Root API extend.js nlp.extend prototype pollution

A vulnerability was identified in spencermountain compromise up to 14.15.1. Affected is the function nlp.extend of the file src/API/extend.js of the component Public Root API. The manipulation of the argument plugin leads to improperly controlled modification of object prototype attributes. Remot...

5.3CVSS6.2AI score0.00256EPSS
Exploits0References9
Cvelist
Cvelist
added 2023/02/13 5:0 a.m.34 views

CVE-2022-25937

Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in CVE-2018-3715...

6.5CVSS6.5AI score0.0111EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/02/13 12:0 a.m.7 views

glance 路径遍历漏洞

glance is a dictionary visualization repository open-sourced by nlpweb. A security vulnerability exists in versions prior to glance 3.0.9 that stems from the presence of a directory traversal that allows users to read files outside of the public root directory...

6.5CVSS6.4AI score0.0111EPSS
Exploits1References3
Snyk
Snyk
added 2023/02/12 10:16 a.m.4 views

Directory Traversal

Overview glance is a quick disposable http server for static files. Affected versions of this package are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in CVE-2018-3715. PoC Run...

6.5CVSS6.6AI score0.01417EPSS
Exploits2References2
Rows per page
Query Builder