Lucene search
K

7 matches found

Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.6 views

PT-2026-36131

Name of the Vulnerable Software and Affected Versions JeeSite version 5.15.1 Description An issue in the '/a/file/upload' endpoint allows authenticated attackers with file upload permissions to perform path traversal and write arbitrary files with whitelisted suffixes to any location on the...

9.6CVSS5.9AI score0.00383EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.11 views

PT-2026-22221

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.2.0 Description Kiteworks, a private data network, contains a flaw in its command execution functionality. Authenticated users can redirect command output to arbitrary file locations, potentially overwriting...

8.8CVSS6.2AI score0.01951EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.7 views

CVE-2021-31314

File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server...

9.8CVSS7.2AI score0.0074EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-1501

Malware in sbrugna...

5.3CVSS5.7AI score0.01758EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.10 views

DB-GPT Absolute Path Traversal vulnerability

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

9.1CVSS7.2AI score0.00769EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2025/03/20 10:15 a.m.7 views

CVE-2024-10831

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

9.1CVSS0.00769EPSS
Exploits1References1
OSV
OSV
added 2023/10/04 4:15 a.m.5 views

CVE-2023-5369

Before correction, the copyfilerange system call checked only for the CAPREAD and CAPWRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAPSEEK capability. This incorrect...

7.1CVSS5.9AI score0.00185EPSS
Exploits0References2
Rows per page
Query Builder