Lucene search

220 matches found

Nuclei
added yesterday, 77 views

MobSF - Path Traversal

MobSF is vulnerable to an issue with apktool CVE-2024-21633 that allows for RCE or arbitrary file writing. It does this through a path traversal vulnerability. This template tests for it by writing to a local file and reading that file. RCE can be achieved by overwriting jadx, as shown in the two...

CVSS 7.8, AI score 7.2, EPSS 0.0132
Exploits: 2

CVE
added 2026/06/17 3:4 p.m., 10 views

CVE-2025-71321

CVE-2025-71321 concerns an arbitrary file writing vulnerability in the Python package picklescan before version 0.0.33. The root cause is a bypass of the dangerous blocklist by abusing distutils.file_util.write_file, enabling attackers to craft malicious pickle objects that ove...

CVSS 9.8, AI score 6, EPSS 0.00624
Exploits: 0, References: 2

Cvelist
added 2026/06/17 3:4 p.m., 20 views

CVE-2025-71321 picklescan - Arbitrary File Writing via distutils Module Bypass

picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.file_util.write_file. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code...

CVSS 9.8, EPSS 0.00624
Exploits: 0, References: 2

CNNVD
added 2026/06/05 12:0 a.m., 9 views

Markdown Preview Enhanced Security Vulnerability

Markdown Preview Enhanced is a highly powerful markup extension developed by Yiyi Wang. Versions of Markdown Preview Enhanced prior to 0.8.28 contained security vulnerabilities. These vulnerabilities stemmed from the use of eval to parse WaveDrom expressions in untrusted markdown content, which...

CVSS 8.8, AI score 5.8, EPSS 0.00362
Exploits: 0, References: 3

CNNVD
added 2026/05/29 12:0 a.m., 8 views

Dokploy Security Vulnerability

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.5 contain security vulnerabilities. These vulnerabilities stem from path traversal during the application deployment process, which allows authenticated users to write arbitrary files on the file...

CVSS 9.9, AI score 6.2, EPSS 0.0066
Exploits: 0, References: 1

CNNVD
added 2026/05/04 12:0 a.m., 8 views

PPTAgent Path Traversal Vulnerability

PPTAgent is an open-source intelligent presentation generation tool based on large models developed by ICIP-CAS. Previous versions of PPTAgent, such as 418491a, contained a path traversal vulnerability. This vulnerability stemmed from issues with the markdowntabletoimage function, which could lea...

CVSS 4.6, AI score 5.9, EPSS 0.00198
Exploits: 0, References: 1

CNNVD
added 2026/04/29 12:0 a.m., 9 views

Cockpit Path Traversal Vulnerability

Cockpit is an interactive server management interface developed by Cockpit OpenSource. Versions of Cockpit 2.13.5 and earlier had a path traversal vulnerability, which was caused by directory traversal in the Buckets component. This vulnerability could lead to arbitrary file writing...

CVSS 6.5, AI score 5.9, EPSS 0.00835
Exploits: 0, References: 1

Snyk
added 2026/04/09 9:2 p.m., 3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the helm pull --untar chart URL | repo/chartname command. An attacker can cause files to be written to unintended directories, potentially overwriting existing files or placing malicious files in accessible...

CVSS 4.8, AI score 6.3, EPSS 0.00199
Exploits: 0, References: 2

Snyk
added 2026/04/08 12:8 a.m., 5 views

Directory Traversal

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the downloadURLgifimage parameter in the GIF poster upload process. An attacker can access and disclose arbitrary server-local files by...

CVSS 7.6, AI score 6.3, EPSS 0.00412
Exploits: 0, References: 2

CNNVD
added 2026/04/07 12:0 a.m., 9 views

LibreChat Path Traversal Vulnerability

LibreChat is an open-source, free, and highly customizable unified AI dialogue platform. It allows for the aggregation and running of large models from any vendor within a single interface. Prior to LibreChat 0.8.4, there was a path traversal vulnerability. This vulnerability stemmed from trustin...

CVSS 6.3, AI score 5.9, EPSS 0.00258
Exploits: 1, References: 1

CNNVD
added 2026/04/07 12:0 a.m., 7 views

PraisonAI Path Traversal Vulnerability

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 1.5.113 contained a path traversal vulnerability. This vulnerability stemmed from the template installation feature’s use of Zip Slip for arbitrary file writing. When downloadin...

CVSS 8.1, AI score 5.9, EPSS 0.00314
Exploits: 1, References: 1

CNNVD
added 2026/04/02 12:0 a.m., 7 views

Group Office Code Issue Vulnerability

Group Office is a modular office suite developed by the Dutch company Group Office. Versions of Group Office prior to 6.8.156, 25.0.90, and 26.0.12 contained code vulnerabilities. These vulnerabilities stemmed from insecure deserialization in the AbstractSettingsCollection model, which could allo...

CVSS 9.9, AI score 6.3, EPSS 0.01026
Exploits: 0, References: 4

CNNVD
added 2026/03/24 12:0 a.m., 7 views

Langflow Access Control Error Vulnerability

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow from 1.2.0 to 1.8.1 contain access control vulnerability issues. This vulnerability stems from the lack of boundary checks at the underlying storage layer,...

CVSS 9.9, AI score 6.2, EPSS 0.01417
Exploits: 1, References: 1

Snyk
added 2026/03/23 6:14 p.m., 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the git resolver process. An attacker can access arbitrary files on the resolver pod by supplying crafted path input. Details A Directory Traversal attack also known as path traversal aims to access files and...

CVSS 9.6, AI score 6.5, EPSS 0.00573
Exploits: 0, References: 3

CNNVD
added 2026/03/23 12:0 a.m., 12 views

Pegasystems Pega Robot Studio Security Vulnerability

Pegasystems Pega Robot Studio is an RPA (Robotic Process Automation) integration development environment provided by Pegasystems Corporation in the United States. There is a security vulnerability in Pegasystems Pega Robot Studio. This vulnerability stems from the possibility of arbitrary file...

CVSS 9, AI score 6, EPSS 0.00321
Exploits: 0, References: 1

CNNVD
added 2026/03/20 12:0 a.m., 11 views

Stirling-PDF Security Vulnerability

Stirling-PDF is a powerful, locally hosted web-based PDF manipulation tool developed by Stirling Tools and open source using Docker. Versions of Stirling-PDF prior to 2.5.2 contained a security vulnerability due to the lack of path checking in the /api/v1/convert/markdown/pdf endpoint, which could...

CVSS 8.1, AI score 5.8, EPSS 0.00462
Exploits: 1, References: 2

CNNVD
added 2026/03/18 12:0 a.m., 5 views

ApostropheCMS Path Traversal Vulnerability

ApostropheCMS is an open-source full-stack content management system by Apostrophe Technologies. Versions of ApostropheCMS prior to 3.5.3 had a path traversal vulnerability. This vulnerability stemmed from unparsed sections of path connections, which could lead to arbitrary file writing...

CVSS 9.9, AI score 5.9, EPSS 0.00432
Exploits: 1, References: 1

CNNVD
added 2026/03/10 12:0 a.m., 8 views

vaadin Security Vulnerability

Vaadin is an open-source platform for web application development developed by Vaadin contributors. The Vaadin platform includes a set of web components, a Java web framework, as well as a set of tools and application starters. Vulnerabilities exist in Vaadin versions 14.14.0 and earlier, 23.6.6...

CVSS 6.8, AI score 5.9, EPSS 0.00342
Exploits: 0, References: 6

CNNVD
added 2026/03/03 12:0 a.m., 6 views

HP System Event Utility Security Vulnerability

HP System Event Utility is a system application developed by Hewlett-Packard (HP) in the United States, designed to deliver official notifications to systems. There is a security vulnerability in HP System Event Utility, which may lead to denial-of-service attacks and allow for arbitrary file writi...

CVSS 7.1, AI score 5.9, EPSS 0.00095
Exploits: 0, References: 2

CNNVD
added 2026/02/27 12:0 a.m., 8 views

Google Web Designer Security Vulnerability

Google Web Designer is a professional HTML5 advertising and web content creation tool developed by Google Inc. It supports both visual design and code editing. Google Web Designer has a security vulnerability, which stems from the Zip Slip vulnerability. This vulnerability may lead to arbitrary...

CVSS 8.4, AI score 6, EPSS 0.00146
Exploits: 1, References: 2