Lucene search
K

37 matches found

Veracode
Veracode
added 2026/01/12 11:12 a.m.5 views

Path Traversal

React Router is vulnerable to Path Traversal. The vulnerability is due to the use of createFileSessionStorage with an unsigned cookie, which allows an attacker to manipulate session identifiers to attempt read/write operations outside the intended session file directory, potentially accessing...

9.1CVSS7AI score0.16104EPSS
Exploits0References6Affected Software3
NVD
NVD
added 2026/01/10 3:15 a.m.49 views

CVE-2025-61686

React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage is being used from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an...

9.1CVSS0.16104EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/10 2:41 a.m.2 views

CVE-2025-61686 React Router has Path Traversal in File Session Storage

React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage is being used from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an...

9.1CVSS5.8AI score0.16104EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/10 2:41 a.m.125 views

CVE-2025-61686 React Router has Path Traversal in File Session Storage

React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage is being used from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an...

9.1CVSS0.16104EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.6 views

react-router 路径遍历漏洞

react-router is an open source declarative routing for React by Remix. A path traversal vulnerability exists in react-router that stems from the fact that when using an unsigned cookie, a session may attempt to read from or write to a location outside of the specified session file directory...

9.1CVSS6.7AI score0.16104EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/08 8:45 p.m.2 views

Directory Traversal

Overview @remix-run/node is a Node.js platform abstractions for Remix Affected versions of this package are vulnerable to Directory Traversal via the createFileSessionStorage function. An attacker can access or modify files outside the intended session file directory by crafting a malicious sessi...

9.1CVSS7.4AI score0.16104EPSS
Exploits0References2
OSV
OSV
added 2026/01/08 8:45 p.m.61 views

GHSA-9583-H5HC-X8CW React Router has Path Traversal in File Session Storage

If applications use createFileSessionStorage from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an unsigned cookie, it is possible for an attacker to cause the session to try to read/write from a location outside the specified session file directory. The success of the...

9.1CVSS6.6AI score0.16104EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/01/08 8:45 p.m.23 views

React Router has Path Traversal in File Session Storage

If applications use createFileSessionStorage from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an unsigned cookie, it is possible for an attacker to cause the session to try to read/write from a location outside the specified session file directory. The success of the...

9.1CVSS6.7AI score0.16104EPSS
Exploits0References3Affected Software3
GithubExploit
GithubExploit
added 2025/08/11 7:33 p.m.300 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813 – Apache Tomcat RCE Exploit Descrição ---------...

9.8CVSS7.4AI score0.99945EPSS
Exploits47
RedhatCVE
RedhatCVE
added 2025/05/23 8:6 a.m.7 views

CVE-2024-45416

The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in sessioninit function. The session -LUA- files are stored in the directory /var/luasession, the function iterates on all files in this directory and executes them using the function dofile without any validation i...

8.1CVSS7.9AI score0.00561EPSS
Exploits0References1
OSV
OSV
added 2023/12/08 8:2 p.m.3 views

CVE-2023-49788 Improper handling of browser-side provided input in richdocuments path handling

Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server richdocumentscode is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attac...

7.2CVSS7AI score0.00496EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:52 a.m.4 views

SUSE CVE-2011-2472

Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. dot dot in the --save argument, related to the --session-dir argument, a different vulnerability than CVE-2011-1760...

6.3CVSS6.4AI score0.00542EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:52 a.m.7 views

SUSE CVE-2011-2473

The dodumpdata function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opdpipe file, a different vulnerability than CVE-2011-1760...

6.3CVSS6.4AI score0.00401EPSS
Exploits1References3
OSV
OSV
added 2022/05/01 11:28 p.m.13 views

GHSA-76X8-GG39-5JJG CherryPy Malicious cookies allow access to files outside the session directory

Directory traversal vulnerability in the getfilepath function in 1 lib/sessions.py in CherryPy 3.0.x up to 3.0.2, 2 filter/sessionfilter.py in CherryPy 2.1, and 3 filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write...

8.7CVSS6.3AI score0.02647EPSS
Exploits1References21
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.33 views

openSUSE Security Update : lightdm (openSUSE-SU-2012:0354-1)

update to version 1.0.9 - stop file descriptors leaking into the session processes bnc745339, lp927060, CVE-2012-1111 - fix compilation against gthread - change session directory once user permissions are set so it works on NFS filesystems that don't allow root to access files - fix object...

4.6CVSS5.2AI score0.00469EPSS
Exploits1References4
0day.today
0day.today
added 2009/08/04 12:0 a.m.4538 views

elgg <= 1.5 (/_css/js.php) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications ============================================================= elgg dbname,$mysqldblink 48: if $simplecacheenabled || $override 49: $filename = $dataroot . 'viewssimplecache/' . md5$viewtype . $view; 51: $contents = filegetcontents$filename...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.16 views

Uebimiau Session Directory Disclosure

Uebimiau in default installation create one temporary folder to store SPDX-FileCopyrightText: 2005 Noam Rathaus Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2AI score
Exploits0
Rows per page
Query Builder