Lucene search
K

225 matches found

Positive Technologies
Positive Technologies
added 2023/08/01 12:0 a.m.5 views

PT-2023-26560 · Unknown · Cypress-Image-Snapshot

Name of the Vulnerable Software and Affected Versions: cypress-image-snapshot versions prior to 8.0.2 Description: The issue allows a user to pass a relative file path for the snapshot name, potentially reaching outside of the project directory into the machine running the test. This can be...

6.5CVSS6.3AI score0.00795EPSS
Exploits1References8
Veracode
Veracode
added 2023/07/21 1:58 a.m.27 views

Path Traversal

org.openrefine is vulnerable to Path Traversal. The vulnerability exists because the OpenRefine project tar files are not properly escaping their root directory in the untar function of FileProjectManager.java, which allows an attacker to access files outside the expected directory using relative...

7.8CVSS7.1AI score0.00632EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/06/09 12:0 a.m.39 views

Arbitrary file read using percent-encoded relative paths in FileMiddleware

Attackers can access data at arbitrary filesystem paths on the same host as an application using FileMiddleware...

8.5CVSS6.9AI score0.0153EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2023/05/15 9:15 p.m.22 views

CVE-2023-32309

PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the...

7.5CVSS7.6AI score0.01815EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/05/15 8:42 p.m.25 views

CVE-2023-32309 Arbitrary file inclusion with the pymdowm-snippets extension

PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the...

7.5CVSS7.7AI score0.01815EPSS
Exploits1References2
Veracode
Veracode
added 2023/05/12 1:51 a.m.20 views

Path Traversal

spring-boot-actuator-logview is vulnerable to Path Traversal. The vulnerability exists in the securityCheck function of LogViewEndpoint.java because it does not properly validate relative paths, allowing an attacker to access files outside the expected directory through the path such as /usr/outn...

5.3CVSS6.4AI score0.00749EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2023/05/03 3:54 a.m.19 views

Path Traversal

mlflow is vulnerable to Path Traversal. The vulnerability exists due to the improper source validation in the validatesource function of handlers.py, which allows an attacker to access files outside the expected directory through relative paths...

7.5CVSS7.2AI score0.04153EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/20 9:28 p.m.20 views

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay

Impact A payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If t...

7.1CVSS5.7AI score0.0045EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/04/20 9:28 p.m.35 views

GHSA-CQF3-VPX7-RXHW Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay

Impact A payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If t...

7.1CVSS6.1AI score0.0045EPSS
Exploits0References6
RubySec
RubySec
added 2023/04/20 12:0 a.m.27 views

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay

Impact A payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If t...

7.1CVSS6.5AI score0.0045EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:31 a.m.3 views

SUSE CVE-2014-1507

Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media sandbox protection mechanism, and read or modify arbitrary files, via a crafted application that uses a relative pathname for a DeviceStorageFile object...

9.3CVSS7AI score0.01105EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:50 a.m.5 views

SUSE CVE-2017-5454

A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird 52.1,...

7.5CVSS6.5AI score0.0252EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:37 a.m.4 views

SUSE CVE-2017-17042

lib/yard/coreext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files...

5.3CVSS7.7AI score0.02894EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:22 a.m.3 views

SUSE CVE-2018-18586

chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended...

5.3CVSS9AI score0.03284EPSS
Exploits1References11
SUSE CVE
SUSE CVE
added 2023/02/15 3:25 a.m.5 views

SUSE CVE-2022-32190

JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath"https://go.dev", "../go" returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result...

7.5CVSS7.3AI score0.01676EPSS
Exploits0References5
Veracode
Veracode
added 2023/02/15 2:32 a.m.13 views

Path Traversal

glance is vulnerable to Path Traversal. The vulnerability exists because the library does not properly sanitize relative paths in index.js, allowing an attacker to read files outside the public root directory by providing malicious relative paths...

6.5CVSS6.1AI score0.0111EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2023/01/26 2:49 a.m.24 views

Path Traversal

pgadmin4 is vulnerable to Path Traversal. The vulnerability exists because the library does not properly sanitize the relative paths, allowing attackers to access other users directories and files by providing malicious relative paths...

6.5CVSS6.4AI score0.08826EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2022/12/27 12:0 a.m.4 views

go-unzip 路径遍历漏洞

Package go-unzip is a very simple library from the personal developer Dariusz Prząda. It is used to extract zip archives. A path traversal vulnerability exists in go-unzip, which stems from an incorrect path, where an archive containing relative file paths may cause files to be written or...

9.1CVSS8.1AI score0.01249EPSS
Exploits1References5
OSV
OSV
added 2022/09/13 6:15 p.m.2 views

DEBIAN-CVE-2022-32190

JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath"https://go.dev", "../go" returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result...

7.5CVSS6.9AI score0.01676EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/09/13 6:15 p.m.1 views

CVE-2022-32190

JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath"https://go.dev", "../go" returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result...

7.5CVSS5.4AI score0.01676EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder