Lucene search
K

56 matches found

NVD
NVD
added 6 hours ago5 views

CVE-2026-23537

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS
Exploits0References3
EUVD
EUVD
added 7 hours ago5 views

EUVD-2026-40997

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS6.2AI score
Exploits0References3
OSV
OSV
added 6 days ago4 views

MAL-2026-6445 Malicious code in base58-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0081cc9c4152afede923a3e8ee9eb2116b32c02b7f355edbd411f23b2e67273c [email protected] presents itself as a base58 encoding library README markets it as @base58/core, public API mimics bs58/@scure/base but on require o...

5.8AI score
Exploits0References9
CVE
CVE
added 2026/06/24 5:48 p.m.44 views

CVE-2026-44017

CVE-2026-44017 concerns Docling’s EasyOCR model download: prior to 2.91.0, ZIP archives were extracted without validating member paths, enabling Zip Slip path traversal. An attacker who could supply or intercept the model source could overwrite files anywhere writable by the process, potentially ...

8.3CVSS6.7AI score0.00478EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/05/04 6:16 p.m.6 views

CVE-2026-43616

Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive...

7.8CVSS0.00168EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/04 5:33 p.m.6 views

EUVD-2026-27081

Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive...

7.1CVSS6.3AI score0.00168EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/04 5:33 p.m.5 views

CVE-2026-43616

Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive...

7.1CVSS6.3AI score0.00168EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/04 5:33 p.m.35 views

CVE-2026-43616 Detect-It-Easy < 3.21 Path Traversal Arbitrary File Write

Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive...

7.1CVSS0.00168EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.7 views

DIE-engine 安全漏洞

DIE-engine is a file type detection and reverse analysis tool developed by Hors’ individual developer. Versions of DIE-engine prior to 3.21 contained security vulnerabilities. These vulnerabilities were caused by path traversal attacks, allowing attackers to write arbitrary files into the file...

7.8CVSS6.3AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/27 7:44 p.m.7 views

CVE-2026-2244

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

8.4CVSS5.9AI score0.00247EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.9 views

Google Cloud Vertex AI Workbench 安全漏洞

Google Cloud Vertex AI Workbench is a cloud-based integrated development environment provided by Google, Inc. There is a security vulnerability in Google Cloud Vertex AI Workbench, which allows attackers to exploit the built-in startup scripts to steal valid Google Cloud access tokens from other...

8.4CVSS5.8AI score0.00247EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 7 : postgresql-9.2.23-3.el7 (AXSA:2017-2464:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2464:03 advisory. Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use...

7.2CVSS7.4AI score0.00586EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/07 9:39 a.m.7 views

CVE-1999-0411

Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, including S84rpcinit, S95nis, S85tcp, and S89nfs, are vulnerable to a symlink attack, allowing a local user to gain root access...

7.2CVSS7AI score0.00398EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/27 12:5 a.m.21 views

CVE-2025-65885

An issue was discovered in the Delight Custom Firmware CFW for Nokia Symbian Belle devices on Nokia 808 Delight v1.8, Nokia N8 Delight v6.7, Nokia E7 Delight v1.3, Nokia C7 Delight v6.7, Nokia 700 Delight v1.2, Nokia 701 Delight v1.1, Nokia 603 Delight v1.0, Nokia 500 Delight v1.2, Nokia E6 Delig...

5.1CVSS6.7AI score0.00119EPSS
Exploits0References1
NVD
NVD
added 2025/12/26 3:15 p.m.7 views

CVE-2025-65885

An issue was discovered in the Delight Custom Firmware CFW for Nokia Symbian Belle devices on Nokia 808 Delight v1.8, Nokia N8 Delight v6.7, Nokia E7 Delight v1.3, Nokia C7 Delight v6.7, Nokia 700 Delight v1.2, Nokia 701 Delight v1.1, Nokia 603 Delight v1.0, Nokia 500 Delight v1.2, Nokia E6 Delig...

5.1CVSS0.00119EPSS
Exploits0References2
OSV
OSV
added 2025/12/26 3:15 p.m.7 views

CVE-2025-65885

An issue was discovered in the Delight Custom Firmware CFW for Nokia Symbian Belle devices on Nokia 808 Delight v1.8, Nokia N8 Delight v6.7, Nokia E7 Delight v1.3, Nokia C7 Delight v6.7, Nokia 700 Delight v1.2, Nokia 701 Delight v1.1, Nokia 603 Delight v1.0, Nokia 500 Delight v1.2, Nokia E6 Delig...

5.1CVSS5.8AI score0.00119EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/26 12:0 a.m.24 views

CVE-2025-65885

An issue was discovered in the Delight Custom Firmware CFW for Nokia Symbian Belle devices on Nokia 808 Delight v1.8, Nokia N8 Delight v6.7, Nokia E7 Delight v1.3, Nokia C7 Delight v6.7, Nokia 700 Delight v1.2, Nokia 701 Delight v1.1, Nokia 603 Delight v1.0, Nokia 500 Delight v1.2, Nokia E6 Delig...

0.00119EPSS
Exploits0References2
NVD
NVD
added 2025/12/24 8:15 p.m.6 views

CVE-2018-25148

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges,...

8.8CVSS0.00669EPSS
Exploits2References3
CVE
CVE
added 2025/12/24 7:27 p.m.13 views

CVE-2018-25148

CVE-2018-25148 affects Microhard Systems IPn4G 1.1.0. The admin interface contains multiple authenticated remote code execution vulnerabilities that allow an authenticated attacker to create crontab jobs and modify system startup scripts. Attackers can execute arbitrary commands with root privile...

8.8CVSS8.4AI score0.00669EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.5 views

PT-2025-53368

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges,...

8.8CVSS8.8AI score0.00669EPSS
Exploits2References4
Rows per page
Query Builder