Lucene search
K

163 matches found

PyPA
PyPA
added 2025/12/19 6:15 p.m.9 views

PYSEC-2025-125

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's fspath, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction,...

7.1CVSS5.9AI score0.03631EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2025/12/17 11:16 p.m.9 views

CVE-2025-68143

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other too...

8.8CVSS0.07822EPSS
Exploits0References2
CVE
CVE
added 2025/12/17 10:9 p.m.42 views

CVE-2025-68143

CVE-2025-68143 affects the mcp-server-git component. Prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and could create Git repositories in any directory accessible to the server process without validating the target location, enabling repository creation at unintended loc...

8.8CVSS6.5AI score0.07822EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/12/17 7:49 p.m.6 views

GHSA-5CGR-J3JF-JW3V mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations

In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other tools which required an existing repository, gitinit could operate on any directory accessible to the server proces...

6.5CVSS6.8AI score0.07822EPSS
Exploits0References4
OSV
OSV
added 2025/11/07 5:15 p.m.6 views

CVE-2025-57698

AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function installpluginupload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename to assign to filepath without checking the validi...

7.5CVSS6.5AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/07 12:0 a.m.11 views

PT-2025-45469

Name of the Vulnerable Software and Affected Versions AstrBot Project version 3.5.22 Description The software contains a directory traversal issue. The install plugin upload function within the '/plugin/install-upload' interface directly uses a filename from the request body, assigning it to the...

8.7CVSS6.6AI score0.00754EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2010-2485

Malware in sbrugna...

9.8CVSS9.4AI score0.01725EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-3379

Malware in sbrugna...

4.3CVSS4.8AI score0.01131EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-10338

Malware in sbrugna...

2.5CVSS6.2AI score0.01029EPSS
Exploits1References14
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-25433

Malicious code in bioql PyPI...

8.6CVSS6.6AI score0.00265EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-2199

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.00835EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-8086

Malicious code in bioql PyPI...

4CVSS4.1AI score0.00821EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-23976

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp...

8.1CVSS7.3AI score0.01101EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 12:25 a.m.6 views

CVE-2010-2476

syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot...

9.8CVSS7AI score0.01725EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/31 10:23 p.m.6 views

CVE-2025-24249

A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to check the existence of an arbitrary path on the file system...

6.5AI score0.00827EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/03/31 12:0 a.m.1 views

PT-2025-13931 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.7.5 macOS versions prior to 14.7.5 macOS versions prior to 15.4 Description: A permissions issue was addressed with additional sandbox restrictions. An app may be able to check the existence of an arbitrary path on...

9.8CVSS6AI score0.00827EPSS
Exploits0References8
OSV
OSV
added 2025/03/20 12:32 p.m.2 views

GHSA-75PX-35P4-QQ6H Aim External Control of File Name or Path vulnerability

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...

9.1CVSS6AI score0.0081EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/01/27 8:54 a.m.19 views

CVE-2024-52012 Apache Solr: Configset upload on Windows allows arbitrary path write-access

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...

0.47207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/27 8:54 a.m.11 views

CVE-2024-52012 Apache Solr: Configset upload on Windows allows arbitrary path write-access

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...

5.7AI score0.47207EPSS
Exploits0References1
CVE
CVE
added 2025/01/27 8:54 a.m.136 views

CVE-2024-52012

Apache Solr (Windows) is affected by CVE-2024-52012: a relative path traversal (zip slip) via the configset upload API that can allow arbitrary file writes to the filesystem. Affected versions are Solr 6.6 through 9.7.0. The root cause is insufficient input sanitation in the configset upload path...

5.4CVSS9.6AI score0.47207EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder