Lucene search
+L

8753 matches found

nvd
nvd
added 2026/05/28 4:16 p.m.18 views

CVE-2026-44358

Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary...

8.2CVSS0.00181EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/28 2:28 p.m.37 views

CVE-2026-44358 Espressif Shared GitHub DangerJS: Untrusted Search Path in DangerJS Action Entrypoint

Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary...

8.2CVSS0.00181EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/28 2:28 p.m.9 views

CVE-2026-44358 Espressif Shared GitHub DangerJS: Untrusted Search Path in DangerJS Action Entrypoint

Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary...

8.2CVSS6AI score0.00181EPSS
Exploits0References2
cve
cve
added 2026/05/28 2:28 p.m.26 views

CVE-2026-44358

The CVE-2026-44358 affects Espressif Shared GitHub DangerJS, a reusable GitHub Action for Espressif projects. Before 1.0.1, the action’s entrypoint.sh invoked DangerJS from the caller’s workspace after copying the fork’s checkout, creating an untrusted search path for binary and Node.js module re...

8.2CVSS6AI score0.00181EPSS
Exploits0References2
osv
osv
added 2026/05/28 2:28 p.m.2 views

CVE-2026-44358 Espressif Shared GitHub DangerJS: Untrusted Search Path in DangerJS Action Entrypoint

Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary...

8.2CVSS6.1AI score0.00181EPSS
Exploits0References4
euvd
euvd
added 2026/05/28 2:28 p.m.12 views

EUVD-2026-32908

Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary...

8.2CVSS6AI score0.00181EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/28 2:24 p.m.11 views

CVE-2026-45017 Python Liquid: Absolute paths escape filesystem loader search path

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/28 12:0 a.m.13 views

PT-2026-44387

Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary...

8.2CVSS6AI score0.00181EPSS
Exploits0References3
nvd
nvd
added 2026/05/27 9:16 a.m.23 views

CVE-2023-52945

Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS0.00139EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/27 8:25 a.m.15 views

CVE-2023-52945

Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS6.2AI score0.00139EPSS
Exploits0References2
euvd
euvd
added 2026/05/27 8:25 a.m.16 views

EUVD-2023-60578

Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS6.2AI score0.00139EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/27 8:25 a.m.40 views

CVE-2023-52945

Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS0.00139EPSS
Exploits0References1
cve
cve
added 2026/05/27 8:25 a.m.31 views

CVE-2023-52945

CVE-2023-52945 describes an "Uncontrolled search path element" vulnerability in the OpenSSL DLL component of Synology BeeDrive for desktop, affecting versions prior to 1.3.2-13814. The issue enables local users to trigger arbitrary code execution via unspecified vectors, with a local attack poten...

7.8CVSS6.2AI score0.00139EPSS
Exploits0References1Affected Software1
cve
cve
added 2026/05/27 7:17 a.m.17 views

CVE-2025-41670

Technical details about CVE-2025-41670 are not publicly available in the provided documents. Monitor for updates from official advisories; no affected products, vulnerable components, or remediation are specified here.

8.7CVSS5.8AI score0.0019EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/27 7:17 a.m.8 views

CVE-2025-41670 Untrusted Search Path

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected...

8.7CVSS5.8AI score0.0019EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/27 7:17 a.m.32 views

CVE-2025-41670 Untrusted Search Path

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected...

8.7CVSS0.0019EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/27 12:0 a.m.11 views

Synology BeeDrive 代码问题漏洞

Synology BeeDrive is a backup and synchronization device developed by Synology Inc. Versions of Synology BeeDrive prior to 1.3.2-13814 contained a code vulnerability. This vulnerability stemmed from an uncontrolled search path element within the OpenSSL DLL component, which could allow local user...

7.8CVSS6.2AI score0.00139EPSS
Exploits0References1
redhat
redhat
added 2026/05/26 11:31 p.m.2 views

postgresql: PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege

A flaw was found in PostgreSQL CREATE TYPE handling for multirange types. The database failed to properly verify schema CREATE privileges during multirange type creation. An authenticated database user could exploit this issue to hijack queries that rely on searchpath resolution for user-defined ...

5.4CVSS6.3AI score0.00159EPSS
Exploits0References5
snyk
snyk
added 2026/05/26 6:40 p.m.7 views

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path via the DirPage process. An attacker can execute arbitrary code with the privileges of the server process by placing a handler.lua file in any parent directory above the configured server root and making an HTTP...

9.2CVSS6.2AI score0.00437EPSS
Exploits0References2
susecve
susecve
added 2026/05/23 1:43 a.m.24 views

SUSE CVE-2015-2667

Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory...

7.2CVSS5.8AI score0.00776EPSS
Exploits2References3
Rows per page
Query Builder