
26 matches found

Vulnrichment
added 2026/04/21 9:9 p.m. · 3 views

CVE-2026-6829 nesquena hermes-webui Arbitrary Workspace Directory Access

nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk by manipulating workspace path parameters in endpoints such as /api/session/new, /api/session/update,...

6.3 CVSS · 5.9 AI score · 0.0026 EPSS
Exploits 0 · References 4
CNNVD
added 2026/04/21 12:0 a.m. · 8 views

Hermes Web UI Path Traversal Vulnerability

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Hermes Web UI has a path traversal vulnerability, which stems from a failure in trust boundaries. This vulnerability allows authenticated attackers to manipulate the workspace path parameters in endpoints suc...

6.3 CVSS · 5.8 AI score · 0.0026 EPSS
Exploits 0 · References 1
Positive Technologies
added 2026/03/29 12:0 a.m. · 5 views

PT-2026-28497

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.11 Description: OpenClaw contains an authorization bypass issue in the gateway agent RPC. Authenticated operators possessing operator.write permission can override workspace boundaries by manipulating the...

8.8 CVSS · 6.1 AI score · 0.00297 EPSS
Exploits 0 · References 7
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2017-14336

Malware in sbrugna...

7.1 CVSS · 7 AI score · 0.01217 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 9 views

EUVD-2024-2008

Malicious code in bioql PyPI...

4 CVSS · 4.8 AI score · 0.00285 EPSS
Exploits 1 · References 4
CVE
added 2025/03/20 10:10 a.m. · 79 views

CVE-2024-8898

CVE-2024-8898 affects the Parisneo/Lollms-WebUI project, specifically the internal APIs at the install and uninstall endpoints for version V12 (Strawberry). The root cause is insufficient sanitization of user-supplied input, enabling path traversal that can create or delete directories via arbitr...

9.8 CVSS · 6.9 AI score · 0.0075 EPSS
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2024/07/30 12:0 a.m. · 5 views

PT-2024-8652 · Wowza · Wowza Streaming Engine

Name of the Vulnerable Software and Affected Versions: Wowza Streaming Engine versions prior to 4.9.1 Description: The issue is related to a path traversal vulnerability in the Manager component of Wowza Streaming Engine. This vulnerability allows an administrator user to create an XML definition...

5.1 CVSS · 7.5 AI score · 0.00727 EPSS
Exploits 0 · References 6
UbuntuCve
added 2022/12/22 8:15 p.m. · 44 views

CVE-2022-22753

A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access. This bug only affects Firefox on Windows. Other operating systems are unaffected. This...

7.1 CVSS · 6.8 AI score · 0.00632 EPSS
Exploits 1 · References 3
Prion
added 2022/12/22 8:15 p.m. · 28 views

Code injection

A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access. This bug only affects Firefox on Windows. Other operating systems are unaffected. This...

4.6 CVSS · 7.2 AI score · 0.00632 EPSS
Exploits 1 · References 4 · Affected Software 3
OSV
added 2022/05/24 5:16 p.m. · 32 views

GHSA-VP49-2G4R-M3X3 SaltStack Salt is vulnerable Arbitrary Directory Access

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

7.1 CVSS · 8.1 AI score · 0.86063 EPSS
Exploits 17 · References 16
Github Security Blog
added 2022/05/24 5:16 p.m. · 28 views

SaltStack Salt is vulnerable Arbitrary Directory Access

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

6.5 CVSS · 7.8 AI score · 0.86063 EPSS
Exploits 17 · References 16 · Affected Software 1
Veracode
added 2020/05/04 4:38 a.m. · 40 views

Arbitrary Directory Access

salt allows arbitrary directory access. The salt-master process in ClearFuncs class allows access to some methods that improperly sanitize paths and the methods allow authenticated users to access arbitrary directories...

6.5 CVSS · 5.2 AI score · 0.86063 EPSS
Exploits 17 · References 12 · Affected Software 1
NVD
added 2020/04/30 5:15 p.m. · 24 views

CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

6.5 CVSS · 8 AI score · 0.86063 EPSS
Exploits 17 · References 13
OSV
added 2020/04/30 5:15 p.m. · 33 views

CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

6.5 CVSS · 6.5 AI score · 0.86063 EPSS
Exploits 17 · References 13
Prion
added 2020/04/30 5:15 p.m. · 32 views

Improper access control

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

4 CVSS · 7.8 AI score · 0.86063 EPSS
Exploits 17 · References 12 · Affected Software 6
OSV
added 2020/04/30 5:15 p.m. · 42 views

PYSEC-2020-103

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

6.5 CVSS · 4.9 AI score · 0.86063 EPSS
Exploits 17 · References 13
Debian CVE
added 2020/04/30 5:0 p.m. · 39 views

CVE-2020-11652

Removed by vendor...

6.5 CVSS · 8.3 AI score · 0.86063 EPSS
Exploits 17
Cvelist
added 2020/04/30 5:0 p.m. · 30 views

CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

8 AI score · 0.86063 EPSS
Exploits 17 · References 12
AlpineLinux
added 2020/04/30 5:0 p.m. · 61 views

CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

6.5 CVSS · 8.2 AI score · 0.86063 EPSS
Exploits 17
ATTACKERKB
added 2020/04/30 12:0 a.m. · 51 views

CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users. Recent assessments: Assessed Attacker...

9.8 CVSS · 8 AI score · 0.96405 EPSS
In wild · Exploits 25 · References 14