320 matches found

CVE
added 2025/01/07 3:33 p.m., 84 views

CVE-2025-21622

CVE-2025-21622 affects ClipBucket V5. The issue arises in the avatar deletion workflow where avatar_url is treated as a file path within the avatars directory without validating path traversal sequences. The final $file variable can be tainted by traversal inputs stored in the DB, enabling deleti...

CVSS 9.1, AI score 7.5, EPSS 0.00923
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2024/10/30 9:19 p.m., 30 views

CVE-2024-10005 Consul L7 Intentions Vulnerable To URL Path Bypass

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...

CVSS 8.1, EPSS 0.00725
Exploits: 0, References: 1
Vulnrichment
added 2024/10/30 9:19 p.m., 16 views

CVE-2024-10005 Consul L7 Intentions Vulnerable To URL Path Bypass

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...

CVSS 8.1, AI score 7, EPSS 0.00725
Exploits: 0, References: 1
CNVD
added 2024/10/23 12:00 a.m., 12 views

Apache Solr Authentication Error Vulnerability

Apache Solr is a search server from the Apache Foundation (United States), built on the Lucene full-text search engine. The product supports faceted search, vertical search, highlighting of search results and so on. An authentication error vulnerability exists in Apache Solr that stems from the...

CVSS 9.8, AI score 6.8, EPSS 0.90709
Exploits: 1, References: 1
OSV
added 2024/10/16 8:15 a.m., 5 views

CVE-2024-45216

Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to authentication bypass. A fake ending at the end of any Solr API URL path will allow requests to skip...

CVSS 9.8, AI score 9.6, EPSS 0.90709
Exploits: 1, References: 2
OSV
added 2024/10/16 8:15 a.m., 1 view

UBUNTU-CVE-2024-45216

Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to authentication bypass. A fake ending at the end of any Solr API URL path will allow requests to skip...

CVSS 9.8, AI score 5.8, EPSS 0.90709
Exploits: 1, References: 3
Vulnrichment
added 2024/10/16 7:50 a.m., 21 views

CVE-2024-45216 Apache Solr: Authentication bypass possible using a fake URL Path ending

Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to authentication bypass. A fake ending at the end of any Solr API URL path will allow requests to skip...

AI score 7.5, EPSS 0.90709
Exploits: 1, References: 1
Cvelist
added 2024/10/16 7:50 a.m., 42 views

CVE-2024-45216 Apache Solr: Authentication bypass possible using a fake URL Path ending

Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to authentication bypass. A fake ending at the end of any Solr API URL path will allow requests to skip...

EPSS 0.90709
Exploits: 1, References: 1
OSV
added 2024/07/05 7:15 p.m., 1 view

CVE-2024-39020

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/vpsApiDatadeal.php?mudi=rev&nohrefStr=close...

CVSS 6.3, AI score 5.8
Exploits: 0, References: 1
Veracode
added 2024/06/25 9:49 a.m., 13 views

Information Disclosure

SilverStripe is vulnerable to Information Disclosure. The vulnerability is caused by a specific URL path configured by default through the silverstripe/framework module, which can be used to disclose that a domain is hosting a SilverStripe application...

CVSS 7.5, AI score 6.5, EPSS 0.018
Exploits: 0, References: 5, Affected Software: 2
CNNVD
added 2024/05/14 12:00 a.m., 3 views

Oceanic Security Vulnerability

Oceanic is a NodeJS library for interacting with Discord, open-sourced by Oceanic. A security vulnerability exists in Oceanic versions prior to 1.10.4, which stems from unsanitized user input that may result in URL path traversal...

CVSS 6.5, AI score 6.5, EPSS 0.00551
Exploits: 0, References: 4
CNNVD
added 2024/03/28 12:00 a.m., 4 views

Synology Surveillance Station Security Vulnerability

Synology Surveillance Station is an application from Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. A security vulnerability previously existed in Synology Surveillance Station version 9.2.0-11289, which stemmed from a...

CVSS 7.7, AI score 6.3, EPSS 0.00797
Exploits: 0, References: 3
OSV
added 2024/03/06 5:31 p.m., 20 views

CVE-2024-24765 CasaOS-UserService allows unauthorized access to any file

CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user...

CVSS 7.5, AI score 8.1, EPSS 0.00971
Exploits: 1, References: 5
Veracode
added 2024/03/01 8:04 a.m., 12 views

Cross Site Scripting

concrete5/concrete5 is vulnerable to cross-site scripting. The vulnerability is due to inadequate input validation on user-supplied data through the URL path /dashboard/system/basics/name, allowing malicious scripts to be stored and executed in the context of the user's browser when the affected...

CVSS 4.8, AI score 6.1, EPSS 0.0055
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2024/02/15 3:15 a.m., 24 views

CVE-2024-26263

A specific URL path in EBM Technologies RISWEB is not properly protected by permission checks, allowing attackers to browse specific pages and query sensitive data without logging in...

CVSS 7.5, AI score 5.2, EPSS 0.0042
Exploits: 0, References: 1
CVE
added 2024/02/15 2:56 a.m., 34 views

CVE-2024-26263

Summary: CVE-2024-26263 pertains to EBM Technologies RISWEB where a URL path is not properly controlled by permissions, enabling attackers to browse specific pages and query sensitive data without login. The core issue is improper access control affecting RISWEB’s URL paths; exploitation details ...

CVSS 7.5, AI score 5.2, EPSS 0.0042
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2024/01/30 4:15 p.m., 6 views

DEBIAN-CVE-2024-1019

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

CVSS 8.6, AI score 7.8, EPSS 0.00682
Exploits: 0, References: 1
UbuntuCve
added 2024/01/30 4:15 p.m., 46 views

CVE-2024-1019

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

CVSS 8.6, AI score 7.2, EPSS 0.00682
Exploits: 0, References: 2
Prion
added 2023/11/02 9:15 a.m., 18 views

Design/Logic Flaw

Mattermost fails to properly validate a RegExp built from the server URL path, allowing an attacker in control of an enrolled server to mount a Denial of Service...

CVSS 2.1, AI score 5.3, EPSS 0.00494
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2023/11/02 8:26 a.m., 22 views

CVE-2023-5876 Regex DoS from a malicious server enrolled in Desktop

Mattermost fails to properly validate a RegExp built from the server URL path, allowing an attacker in control of an enrolled server to mount a Denial of Service...

CVSS 3.1, AI score 5.5, EPSS 0.00494
Exploits: 0, References: 1