Lucene search
K

895 matches found

CNNVD
CNNVD
added 2024/08/23 12:0 a.m.4 views

mage-ai 安全漏洞

mage-ai is a modern replacement for Airflow in the Mage open source. A security vulnerability exists in mage-ai that stems from a path traversal vulnerability that allows a remote user with the Viewer role to leak arbitrary files from a Mage server via a Pipeline Interaction request...

6.5CVSS8.5AI score0.00859EPSS
Exploits1References2
OSV
OSV
added 2024/08/16 8:15 p.m.5 views

CVE-2024-43011

An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Due to insufficient validation and sanitization of user input for file paths, an attacker can exploit this vulnerability by using directory traversal techniques to delete arbitrary file...

4.9CVSS5.9AI score0.00672EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/16 12:0 a.m.5 views

ZZCMS 安全漏洞

ZZCMS is a content management system CMS by the ZZCMS team in China. Directory traversal vulnerability exists in ZZCMS 2023 and previous versions, the vulnerability stems from insufficient validation and filtering of user-input file paths, which can be exploited by an attacker to delete arbitrary...

4.9CVSS7AI score0.00672EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/08/12 12:0 a.m.7 views

WordPress plugin Element Pack Elementor Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

6.5CVSS6.5AI score0.00507EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/31 12:0 a.m.12 views

PT-2024-38101 · WordPress · Tainacan

Name of the Vulnerable Software and Affected Versions: Tainacan plugin for WordPress versions up to, and including, 0.21.7 Description: The issue is related to a missing capability check on the get file function, which is also vulnerable to directory traversal. This allows authenticated attackers...

6.5CVSS6.9AI score0.0269EPSS
Exploits1References9
CNNVD
CNNVD
added 2024/07/24 12:0 a.m.5 views

Devika 路径遍历漏洞

Devika is an advanced AI software engineer open-sourced by stition. It can understand advanced human instructions, break them down into steps, study the relevant information, and write code to achieve a given goal. A security vulnerability exists in Devika v1. The vulnerability stems from...

9.1CVSS9.1AI score0.11414EPSS
Exploits6References6
Positive Technologies
Positive Technologies
added 2024/07/05 12:0 a.m.5 views

PT-2024-6222

Name of the Vulnerable Software and Affected Versions libxml2 versions 2.11 through 2.11.8 libxml2 versions 2.12 through 2.12.8 libxml2 versions 2.13 through 2.13.2 Description The issue is related to the SAX parser in libxml2, which can produce events for external entities even if custom SAX...

9.4CVSS7.7AI score0.01192EPSS
Exploits0References52
Positive Technologies
Positive Technologies
added 2024/07/03 12:0 a.m.4 views

PT-2024-37183 · Stitionai · Devika +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue allows an attacker to access sensitive files on the server by providing incorrect file names, which the agent attempts to correct, inadvertently revealing the content of t...

6.2CVSS6.8AI score0.00228EPSS
Exploits0References2
NVD
NVD
added 2024/07/01 4:15 p.m.44 views

CVE-2024-36422

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the api/v1/chatflows/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craft a...

6.1CVSS0.00406EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/07/01 12:0 a.m.5 views

Flowise Security Vulnerabilities

Flowise is a tool for easily building LLM applications. A security vulnerability exists in Flowise version 1.4.3, which stems from the presence of a reflective cross-site scripting vulnerability that could allow an attacker to read arbitrary files from the server...

6.1CVSS6AI score0.00405EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/07/01 12:0 a.m.6 views

Flowise Security Vulnerabilities

Flowise is a tool for easily building LLM applications. A security vulnerability exists in Flowise version 1.4.3, which stems from the presence of a reflective cross-site scripting vulnerability that could allow an attacker to read arbitrary files from the server...

6.1CVSS6AI score0.00405EPSS
Exploits1References3
OSV
OSV
added 2024/06/24 5:36 p.m.21 views

CVE-2023-49793 Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine o...

6.5CVSS6.3AI score0.0073EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/06/20 12:0 a.m.6 views

Apache Superset Input Validation Error Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An input validation error vulnerability exists in Apache Superset before 3.1.3, version 4.0.0, which originates from a vulnerability that could allow an authenticated attacker to create a...

6.8CVSS6.5AI score0.01571EPSS
Exploits1References4
OSV
OSV
added 2024/06/11 3:15 a.m.4 views

CVE-2024-34684

On Unix, SAP BusinessObjects Business Intelligence Platform Scheduling allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read o...

6CVSS5.8AI score0.00143EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/11 2:20 a.m.15 views

CVE-2024-34684 Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Scheduling)

On Unix, SAP BusinessObjects Business Intelligence Platform Scheduling allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read o...

3.7CVSS6.8AI score0.00143EPSS
Exploits0References2
CVE
CVE
added 2024/06/11 2:20 a.m.59 views

CVE-2024-34684

CVE-2024-34684 affects SAP BusinessObjects Business Intelligence Platform (Scheduling) on Unix. An authenticated attacker with local administrator access can access the password of a local account, enabling retrieval of non-administrative credentials and allowing read/modify of remote server file...

6CVSS4.4AI score0.00143EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/06/06 6:31 p.m.38 views

CVE-2024-4888 Arbitrary File Deletion in BerriAI/litellm

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...

6.5CVSS0.00614EPSS
Exploits1References1
CVE
CVE
added 2024/06/06 6:31 p.m.70 views

CVE-2024-4888

BerriAI’s litellm (latest version) is affected by CVE-2024-4888 due to improper input validation on the /audio/transcriptions endpoint. The code uses os.remove(file.filename) to delete a file, allowing an attacker to delete arbitrary server files (e.g., SSH keys, SQLite databases, configuration f...

8.1CVSS6.9AI score0.00614EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.3 views

WordPress plugin Startklar Elementor Addons security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

9.8CVSS6.7AI score0.01002EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/06/04 12:0 a.m.6 views

The vulnerability of the Continuous Integration and Deployment Application Delivery system (CI/CD) of JetBrains TeamCity, related to errors in processing the relative path to the directory, allows a hacker to access arbitrary files from the server.

The vulnerability of the Continuous Integration and Application Delivery system CI/CD of TeamCity in JetBrains is related to errors in processing the relative path to the directory. Exploiting this vulnerability can allow a malicious actor to read arbitrary files from the server...

6.8CVSS5.6AI score0.00502EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder