Lucene search
K

7 matches found

CVE
CVE
added 2026/01/08 6:22 p.m.15 views

CVE-2026-22257

CVE-2026-22257 (Salvo) : The Rust web framework Salvo is vulnerable prior to 0.88.1 due to the list_html function in the serve-static directory not sanitizing file/folder names when generating a folder view. This can enable stored cross-site scripting (XSS) when a site serves public files and use...

8.8CVSS6AI score0.003EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-10847

Malware in sbrugna...

8.8CVSS8.7AI score0.02962EPSS
Exploits5References4
RedhatCVE
RedhatCVE
added 2025/05/22 5:24 p.m.5 views

CVE-2020-11701

An issue was discovered in ProVide formerly zFTPServer through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting files and directories...

8.8CVSS8.6AI score0.00496EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/02/18 12:0 a.m.7 views

PT-2025-6564 · WordPress · Wooodt Lite

Name of the Vulnerable Software and Affected Versions: WooODT Lite – Delivery & pickup date time location WooCommerce plugin for WordPress versions up to, and including, 2.5.1 Description: The issue concerns the /inc/bycwooodt get all orders.php file being publicly accessible and generating a...

5.3CVSS9.5AI score0.00386EPSS
Exploits0References7
Snyk
Snyk
added 2024/10/01 6:28 a.m.1 views

Directory Traversal

Overview chainlit is a Build Conversational AI. Affected versions of this package are vulnerable to Directory Traversal via functions like getfile, servefile, and getavatar due to improperly restricting file paths. Attackers can access sensitive files via crafted requests containing malicious pat...

8.7CVSS7.6AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.5 views

SUSE CVE-2011-1921

The moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz shortcircuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to...

4.3CVSS6.6AI score0.05993EPSS
Exploits2References6
Prion
Prion
added 2018/11/11 4:29 a.m.9 views

Design/Logic Flaw

ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload enabled by default. This can be used by an attacker to perform actions for an admin or any user with the file upload capability. With this vulnerability, one can automatically upload files by default, it allows html, pdf,...

6.8CVSS8.7AI score0.02962EPSS
Exploits5References2Affected Software1
Rows per page
Query Builder