Lucene search
K

116 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-22190

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted...

7.8CVSS7AI score0.00465EPSS
Exploits1References2
NCSC
NCSC
added 2025/08/11 7:36 a.m.9 views

Vulnerability fixed in WinRAR

Rarlab has fixed a vulnerability in WinRAR. The vulnerability is in the Windows version of WinRAR and involves a path traversal. This flaw allows attackers to execute arbitrary code using malicious archive files. This can lead to unauthorized access and control of affected systems. Public sources...

8.8CVSS7.7AI score0.85778EPSS
Exploits35References1
OSV
OSV
added 2025/08/08 12:15 p.m.5 views

CVE-2025-8088

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET...

8.8CVSS6.2AI score0.85778EPSS
Exploits35References7
OSV
OSV
added 2025/02/27 4:15 p.m.4 views

CVE-2025-1755

MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\nodemodules. This issue affects MongoDB Compass prior to 1.42.1...

7.8CVSS5.8AI score0.00138EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/25 9:16 p.m.9 views

CVE-2025-0514 Executable hyperlink Windows path targets executed unconditionally on activation

Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.This issue affects LibreOffice: from 24.8 before 24.8.5...

7.2CVSS6.8AI score0.00317EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/01/28 4:35 a.m.11 views

CVE-2025-23084

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory...

5.6CVSS7.1AI score0.01404EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/01/21 12:0 a.m.52 views

Node.js 18.x < 18.20.6 / 20.x < 20.18.2 / 22.x < 22.13.1 / 23.x < 23.6.1 Multiple Vulnerabilities (Tuesday, January 21, 2025 Security Releases).

The version of Node.js installed on the remote host is prior to 18.20.6, 20.18.2, 22.13.1, 23.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Tuesday, January 21, 2025 Security Releases advisory. - A memory leak could occur when a remote peer abruptly closes the...

7.7CVSS6.7AI score0.01327EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/25 12:0 a.m.4 views

PT-2024-33676

Name of the Vulnerable Software and Affected Versions: Werkzeug versions prior to 3.0.6 Description: The issue arises from the os.path.isabs function not correctly handling UNC paths like //server/share on Python versions less than 3.11 on Windows. This affects Werkzeug's safe join function, whic...

7.5CVSS6.8AI score0.00786EPSS
Exploits2References172
BDU FSTEC
BDU FSTEC
added 2024/06/19 12:0 a.m.7 views

The vulnerability of the Rust library for working with Git repositories like gitoxide is related to shortcomings in the path name checking process for Windows. This allows an attacker to trigger a denial-of-service attack.

The vulnerability of the Rust library for working with Git repositories like gitoxide is related to shortcomings in the path name checking process for Windows. Exploiting this vulnerability could allow a malicious actor to cause service failures...

6.4CVSS5.5AI score0.00448EPSS
Exploits0References2Affected Software8
Positive Technologies
Positive Technologies
added 2024/05/07 12:0 a.m.6 views

PT-2024-25803 · Deno · Deno

Name of the Vulnerable Software and Affected Versions: Deno versions prior to 1.43 Description: The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may...

8.4CVSS6.6AI score0.00368EPSS
Exploits0References9
Amazon
Amazon
added 2024/01/09 12:0 a.m.3 views

Medium: golang

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS6.8AI score0.02758EPSS
Exploits0
Hacker One
Hacker One
added 2024/01/08 2:35 a.m.12 views

Node.js: Path traversal by drive name in Windows environment

A vulnerability has been identified in the handling of drive names in the Windows environment of Node.js. Certain Node.js functions do not treat drive names as special on Windows, resulting in a path that refers to the root directory instead of a relative path as assumed. This vulnerability affec...

5.6CVSS6.7AI score0.01404EPSS
Exploits1
Amazon
Amazon
added 2024/01/08 12:0 a.m.5 views

Medium: golang

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS6.8AI score0.02758EPSS
Exploits0
Amazon
Amazon
added 2024/01/08 12:0 a.m.4 views

Medium: golang

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS8.9AI score0.02758EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/01/02 5:30 a.m.2 views

CVE-2023-47039 Perl: perl for windows binary hijacking vulnerability

A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell cmd.exe. When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system...

7.8CVSS9.7AI score0.00414EPSS
Exploits0References3
OSV
OSV
added 2023/11/09 5:15 p.m.5 views

AZL-37397 CVE-2023-45283 affecting package golang for versions less than 1.21.6-1

The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path ??\c:\x...

7.5CVSS6.8AI score0.02758EPSS
Exploits0References1
OSV
OSV
added 2023/11/09 5:15 p.m.6 views

AZL-37444 CVE-2023-45283 affecting package golang for versions less than 1.21.6-1

The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path ??\c:\x...

7.5CVSS6.8AI score0.02758EPSS
Exploits0References1
OSV
OSV
added 2023/11/09 5:15 p.m.6 views

AZL-79034 CVE-2023-45283 affecting package golang 1.25.7-1

The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path ??\c:\x...

7.5CVSS6.8AI score0.02758EPSS
Exploits0References1
OSV
OSV
added 2023/11/09 5:15 p.m.3 views

UBUNTU-CVE-2023-45283

The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path ??\c:\x...

7.5CVSS6.9AI score0.02758EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/11/08 1:52 a.m.4 views

SUSE CVE-2023-45283

The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path ??\c:\x...

6.8CVSS7.4AI score0.02758EPSS
Exploits0References12
Rows per page
Query Builder