Lucene search
K

116 matches found

CNVD
CNVD
added 2025/03/13 12:0 a.m.11 views

IBM Cognos Analytics Path Traversal Vulnerability

IBM Cognos Analytics is a suite of business intelligence software from International Business Machines IBM. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A path traversal...

6.5CVSS6.6AI score0.00776EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/03/10 6:29 p.m.15 views

LocalS3 Project Vulnerable to XML External Entity (XXE) Injection via Bucket Tagging API

Description The LocalS3 project, an S3-compatible storage service, is vulnerable to XML External Entity XXE injection through its bucket tagging API. The vulnerability exists because the application processes XML input without properly disabling external entity resolution. When processing XML dat...

7.4AI score
Exploits0References3Affected Software1
CNVD
CNVD
added 2025/02/17 12:0 a.m.3 views

SonicWall NetExtender Windows client elevation of privilege vulnerability (CNVD-2025-12370)

SonicWall NetExtender Windows client is a software application from SonicWALL USA that allows remote users to connect to remote networks in a secure manner. Provides simple and secure access for Windows and Linux users. An elevation of privilege vulnerability exists in the SonicWall NetExtender...

5.5CVSS6.5AI score0.00194EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/02/05 6:30 a.m.12 views

Browsershot Local File Inclusion

Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files. Note: This is a bypass of the fix for CVE-2024-21549...

8.6CVSS6.5AI score0.00528EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2025/01/15 12:0 a.m.5 views

WordPress plugin ElementInvader Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS8.2AI score0.00663EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/19 12:0 a.m.5 views

Zimbra Collaboration Suite 安全漏洞

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Zimbra. The product includes WebMail, Calendar, Address Book and more. A security vulnerability exists in Zimbra Collaboration Suite ZCS versions 9.0, 10.0, and 10.1, which originates from a local file in an endpoint in the...

7.5CVSS6.3AI score0.00591EPSS
Exploits0References2
Veracode
Veracode
added 2024/12/16 5:34 a.m.8 views

Improper Input Validation

spatie/browsershot is vulnerable to Improper Input Validation. The vulnerability is due to improper URL validation through the setUrl method, allowing an attacker to exploit leading whitespace %20 before the file:// protocol, resulting in Local File Inclusion and potential access to sensitive fil...

8.6CVSS6.6AI score0.00584EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2024/11/04 12:0 a.m.5 views

WordPress plugin WP Hotel Booking 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.8CVSS6.5AI score0.0051EPSS
Exploits0References1
OSV
OSV
added 2024/10/17 6:12 p.m.4 views

CVE-2024-10100 Path Traversal in binary-husky/gpt_academic

A path traversal vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...

6.5CVSS6.8AI score0.00612EPSS
Exploits1References3
NVD
NVD
added 2024/09/26 2:15 p.m.15 views

CVE-2024-46327

An issue in the Httphandle object of VONETS VAP11G-300 v3.3.23.6.9 allows attackers to access sensitive files via a directory traversal...

5.7CVSS0.00363EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/27 12:0 a.m.11 views

PT-2024-38449 · Trellix · Trellix Fx +5

Name of the Vulnerable Software and Affected Versions: Trellix NX, EX, FX, AX, IVX, and CMS affected versions not specified Description: An authenticated user can access restricted files from Trellix products using path traversal for the URL of network anomaly download artifact. This issue allows...

5.9CVSS6AI score0.00269EPSS
Exploits0References8
OSV
OSV
added 2024/07/24 4:15 p.m.7 views

CVE-2024-40422

The snapshotpath parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshotpath parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized...

9.1CVSS7.3AI score0.11414EPSS
Exploits6References4
NVD
NVD
added 2024/07/19 5:15 a.m.43 views

CVE-2024-21527

Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/webhook before 8.1.0 are vulnerable to Server-si...

8.8CVSS0.00574EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/07/17 8:44 a.m.18 views

CVE-2024-40617

Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 M2M-GW for FENICS. If a remote authenticated attacker with User Class privilege sends a specially crafted request to the affected product, access restricted files containing sensitive information may be accessed. As a result,...

6AI score0.01422EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/06/20 12:0 a.m.7 views

PT-2024-13676 · Unknown · Kiuwan Local Analyzer +1

Name of the Vulnerable Software and Affected Versions: Kiuwan SAST version master.1808.p685.q13371 Description: The issue arises when the Kiuwan Local Analyzer uploads scan results to the Kiuwan SAST web application, which processes XML files containing external entities. This leads to an XML...

7.2CVSS7.3AI score0.0082EPSS
Exploits1References4
OSV
OSV
added 2024/04/19 5:15 a.m.3 views

CVE-2024-29967

In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to...

6CVSS5.8AI score0.0024EPSS
Exploits0References1
CVE
CVE
added 2024/04/16 12:0 a.m.98 views

CVE-2024-3028

CVE-2024-3028 affects mintplex-labs/anything-llm. The issue is improper input validation in the system-preferences API where manipulating the logo_filename parameter can cause reading of arbitrary files (including .env) and deletion via remove-logo. Root cause: lack of proper sanitization of user...

7.2CVSS6.9AI score0.00834EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/19 4:28 p.m.16 views

CVE-2024-2442 Path Traversal vulnerability in Franklin Fueling System EVO 550/5000

Franklin Fueling System EVO 550 and EVO 5000 are vulnerable to a Path Traversal vulnerability that could allow an attacker to access sensitive files on the system...

7.5CVSS7AI score0.00696EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/06 12:0 a.m.20 views

CVE-2023-49979

A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization...

6.6AI score0.00745EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/02/28 12:0 a.m.13 views

CVE-2024-22723

Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "mediafolder" parameter in the URL, an attacker in this case, an administrator can navigate beyond the intended directory the 'media/' directory to access sensitive files in other parts of the application's file system...

6.7AI score0.00876EPSS
Exploits1References1
Rows per page
Query Builder