Lucene search
K

50 matches found

NVD
NVD
added 2026/06/30 2:16 p.m.10 views

CVE-2025-53648

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue...

5.4CVSS0.00348EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 1:36 p.m.39 views

CVE-2025-53648 Apache Gravitino: SQL misconfiguration can access or truncate files

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue...

0.00348EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 1:36 p.m.5 views

CVE-2025-53648

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue...

5.4CVSS5.7AI score0.00348EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 1:36 p.m.13 views

CVE-2025-53648

CVE-2025-53648 affects Gravitino UI prior to 1.0.0, where a SQL misconfiguration can allow a malicious user to read or truncate files. The vulnerability is triggered by improper SQL handling in the Gravitino UI, impacting versions 1.0.0 and earlier. Upgrading to version 1.0.0 (as recommended) fix...

5.4CVSS5.7AI score0.00348EPSS
Exploits0References2Affected Software1
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/18 12:0 a.m.10 views

Splunk Enterprise Missing Authentication for Critical Function Vulnerability

Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint...

9.8CVSS5.9AI score0.88171EPSS
In wildExploits5
RedhatCVE
RedhatCVE
added 2026/03/04 1:57 a.m.3 views

CVE-2025-48619

In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

8.4CVSS6.1AI score0.001EPSS
Exploits0References1
NVD
NVD
added 2026/03/02 7:16 p.m.9 views

CVE-2025-48619

In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

8.4CVSS0.001EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/02 6:42 p.m.7 views

EUVD-2025-208211

In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

6.1AI score0.001EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/02 6:42 p.m.5 views

CVE-2025-48619

In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

6.1AI score0.001EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/02 6:42 p.m.20 views

CVE-2025-48619

In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

0.001EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/02 12:0 a.m.7 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an Access Control Error vulnerability that originates from a logic error in multiple functions of ContentProvider.java, which can be exploited by an attacker to cause an application with read-onl...

8.4CVSS5.8AI score0.001EPSS
Exploits0References2
OSV
OSV
added 2026/03/01 12:0 a.m.6 views

ASB-A-414387646

In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

8.4CVSS6.1AI score0.001EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.4 views

Amazon Linux 2023 : python3.13-filelock (ALAS2023-2026-1411)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1411 advisory. filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check- Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrar...

6.5CVSS7.4AI score0.00184EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/12/16 6:10 p.m.1 views

CVE-2025-68146 filelock has TOCTOU race condition that allows symlink attacks during lock file creation

filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...

6.3CVSS5.8AI score0.00184EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2025/12/16 6:10 p.m.0 views

CVE-2025-68146

filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...

6.5CVSS6.1AI score0.00184EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/10/23 12:0 a.m.2 views

PT-2025-43496

Name of the Vulnerable Software and Affected Versions ContentProvider.java affected versions not specified Description An application with read-only access may be able to truncate files due to a logic error in the code within multiple functions of ContentProvider.java. This could lead to local...

8.4CVSS6.2AI score0.001EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2023-53981

Malicious code in bioql PyPI...

6.5CVSS6.9AI score0.01174EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2024/05/17 12:0 a.m.19 views

EulerOS Virtualization 3.0.6.0 : samba (EulerOS-SA-2024-1704)

According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when...

6.5CVSS6.9AI score0.01174EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/03/14 12:0 a.m.20 views

EulerOS Virtualization 2.10.1 : samba (EulerOS-SA-2024-1370)

According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when...

6.5CVSS6.9AI score0.01174EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/03/12 12:0 a.m.32 views

EulerOS 2.0 SP8 : samba (EulerOS-SA-2024-1297)

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS...

6.5CVSS6.9AI score0.01174EPSS
Exploits0References2
Rows per page
Query Builder