Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

196 matches found

OSV
OSVadded 2021/12/22 7:15 p.m.4 views

CVE-2021-21905

Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA...

7.2CVSS7.6AI score0.00953EPSS
Exploits1References1
NVD
NVDadded 2021/12/22 7:15 p.m.10 views

CVE-2021-21905

Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA...

8.5CVSS0.00953EPSS
Exploits1References1
Huntr
Huntradded 2021/06/25 10:53 a.m.7 views

in hascheksolutions/opentrashmail

✍️ Description Attackers can control the filesystem path argument to readfile at api.php line 35 for ?email= parameter, which allows them to access or modify otherwise protected files. Analysis Trace: 1. application take unsensitized input at: $email = strtolower$REQUEST'email'; 2. Assigning user...

2.5AI score
Exploits0References1
Node.js
Node.jsadded 2021/05/18 1:57 a.m.70 views

Path traversal in rollup-plugin-serve

Overview Path traversal in rollup-plugin-serve before version 1.0.2. There is no path sanitization in readFile operation. Recommendation Upgrade to version 1.0.2 or later References - CVE - GitHub Advisory...

7.5CVSS3.3AI score0.01474EPSS
Exploits0Affected Software1
NVD
NVDadded 2021/03/11 10:15 p.m.18 views

CVE-2021-28154

Camunda Modeler aka camunda-modeler through 4.6.0 allows arbitrary file access. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which manipulates the readFile and writeFile APIs. NOTE: the vendor states "The way we secured the app is that it...

9.1CVSS0.01481EPSS
Exploits1References1
OSV
OSVadded 2021/03/11 10:15 p.m.5 views

CVE-2021-28154

Camunda Modeler aka camunda-modeler through 4.6.0 allows arbitrary file access. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which manipulates the readFile and writeFile APIs. NOTE: the vendor states "The way we secured the app is that it...

9.1CVSS7AI score
Exploits0References1
CNVD
CNVDadded 2020/08/05 12:0 a.m.2 views

rollup-plugin-serve path traversal vulnerability

rollup-plugin-serve is a module bundler package for JavaScript. A security vulnerability exists in the readFile operation of the 'readFileFromContentBase' function in rollup-plugin-server, which stems from the program's failure to clean up paths. No details of the vulnerability are available at...

7.5CVSS6.9AI score0.01768EPSS
Exploits1References1
Github Security Blog
Github Security Blogadded 2020/07/29 6:7 p.m.39 views

Directory traversal in rollup-plugin-server

This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function...

7.5CVSS7.3AI score0.01768EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blogadded 2020/07/29 6:7 p.m.48 views

Directory traversal in rollup-plugin-server

This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function...

7.5CVSS3.9AI score0.01768EPSS
Exploits1References3Affected Software1
Veracode
Veracodeadded 2020/07/27 6:42 a.m.11 views

Directory Traversal

rollup-plugin-dev-server is vulnerable to directory traversal. The vulnerability exists through the lack of sanitization of the file path used in the readFile function...

7.5CVSS3.8AI score0.01768EPSS
Exploits1References1Affected Software1
Veracode
Veracodeadded 2020/07/27 3:2 a.m.15 views

Path Traversal

rollup-plugin-server is vulnerable to path traversal attack. The vulnerability exists due to a lack of proper handling of user-provided path parameters in the readFile operation performed inside the readFileFromContentBase function, allowing an attacker to access arbitrary system files using...

7.5CVSS4.4AI score0.01768EPSS
Exploits1References2Affected Software1
NVD
NVDadded 2020/07/25 9:15 a.m.10 views

CVE-2020-7686

This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function...

7.5CVSS7.5AI score0.01768EPSS
Exploits1References1
NVD
NVDadded 2020/07/25 9:15 a.m.23 views

CVE-2020-7683

This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function...

7.5CVSS7.5AI score0.01768EPSS
Exploits1References1
Prion
Prionadded 2020/07/25 9:15 a.m.13 views

Path traversal

This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function...

5CVSS7.5AI score0.01768EPSS
Exploits1References1
Prion
Prionadded 2020/07/25 9:15 a.m.14 views

Path traversal

This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function...

5CVSS7.5AI score0.01768EPSS
Exploits1References1
CVE
CVEadded 2020/07/25 8:40 a.m.53 views

CVE-2020-7686

CVE-2020-7686 affects all versions of rollup-plugin-dev-server. The issue is a directory traversal vulnerability caused by lack of path sanitization in the readFile operation within the readFileFromContentBase function, enabling potential access to arbitrary files. Multiple sources (NVD, CVE list...

7.5CVSS7.5AI score0.01768EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2020/07/25 8:40 a.m.13 views

CVE-2020-7686 Directory Traversal

This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function...

7.5CVSS7.5AI score0.01768EPSS
Exploits1References1
Cvelist
Cvelistadded 2020/07/25 8:35 a.m.24 views

CVE-2020-7683 Directory Traversal

This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function...

7.5CVSS7.5AI score0.01768EPSS
Exploits1References1
NVD
NVDadded 2020/07/17 8:15 a.m.24 views

CVE-2020-7684

This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation...

9.8CVSS0.01474EPSS
Exploits0References2
Prion
Prionadded 2020/07/17 8:15 a.m.22 views

Design/Logic Flaw

This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation...

7.5CVSS9.4AI score0.01474EPSS
Exploits0References2
Rows per page
Query Builder