Lucene search
K

77 matches found

Cvelist
Cvelist
added 2025/12/08 12:0 a.m.18 views

CVE-2025-61318

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...

0.00637EPSS
Exploits1References1
Snyk
Snyk
added 2025/11/24 11:31 p.m.5 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/24 11:31 p.m.3 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/24 11:31 p.m.2 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/24 11:31 p.m.2 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/24 11:31 p.m.2 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/24 11:31 p.m.3 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/24 11:31 p.m.4 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/24 11:31 p.m.2 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/24 11:31 p.m.4 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/24 11:31 p.m.0 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/24 11:31 p.m.2 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/11/24 11:31 p.m.7 views

LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction

Summary Multiple path traversal and unsafe path handling vulnerabilities were discovered in eKuiper prior to the fixes implemented in PR lf-edge/ekuiper3911. The issues allow attacker-controlled input rule names, schema versions, plugin names, uploaded file names, and ZIP entries to influence fil...

7AI score
Exploits0References4Affected Software1
OSV
OSV
added 2025/10/14 6:0 p.m.3 views

GHSA-P84V-GXVW-73PF Argo Workflow has a Zipslip Vulnerability

Vulnerability Description Vulnerability Overview 1. During the artifact extraction process, the unpack function extracts the compressed file to a temporary directory /etc.tmpdir and then attempts to move its contents to /etc using the rename system call, 2. However, since /etc is an already...

8.1CVSS7AI score0.00589EPSS
Exploits2References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-1822

Malware in sbrugna...

9CVSS8.8AI score0.02618EPSS
Exploits0References2
OSV
OSV
added 2025/09/02 5:14 p.m.6 views

GHSA-CCC3-FVFX-MW3V MobSF Path Traversal in GET /download/<filename> using absolute filenames

Summary The GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the DWDDIR download directory from "neighboring" directories whose absolute paths begin with the same prefix as DWDDIR e.g., .../downloadsbak,...

5.3CVSS6.9AI score0.0073EPSS
Exploits1References4
Veracode
Veracode
added 2025/08/21 7:3 a.m.6 views

Remote Code Execution (RCE)

pyloadng is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe path construction in the addcrypted endpoint via the package parameter, which allows unauthenticated attackers to write arbitrary files outside the designated directory, enabling privilege escalation and remot...

9.8CVSS9.2AI score0.01191EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/26 12:0 a.m.8 views

The vulnerability of the HttpServletRequest.getParameter() function in the centralized multimedia content management system MagicINFO 9 allows a hacker to execute arbitrary code.

The vulnerability of the HttpServletRequest.getParameter function in the MagicINFO 9 centralized multimedia content management system is related to the improper creation of a file system path by combining a permanent directory, a temporary marker, and the fileName parameter. Exploiting this...

9CVSS8.5AI score0.91941EPSS
Exploits3References9Affected Software1
RedHat Linux
RedHat Linux
added 2024/11/12 9:11 a.m.1 views

kernel: zsmalloc: move LRU update from zs_map_object() to zs_malloc()

A flaw was found in the Linux kernel zsmalloc memory allocator. Under certain memory pressure and reclaim conditions, zsmalloc updated its LRU lists in an unsafe context, which could lead to list corruption due to a race between object mapping and allocation paths. A local user able to trigger...

5.8AI score0.00155EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.4 views

LG Simple Editor 安全漏洞

LG Simple Editor is a simple editor from Luckin LG Korea that creates new content by simplifying the process and instant playback on signage. LG Simple Editor suffers from a remote code execution vulnerability that is caused by failing to properly validate a user-supplied path before using it in ...

9.8CVSS8.1AI score0.67414EPSS
Exploits0References2
Rows per page
Query Builder