Lucene search
K

105 matches found

Vulnrichment
Vulnrichment
added 2025/12/17 10:9 p.m.4 views

CVE-2025-68143 mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other too...

6.5CVSS6.5AI score0.07822EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/17 7:49 p.m.2 views

Directory Traversal

Overview mcp-server-git is an A Model Context Protocol server providing tools to read, search, and manipulate Git repositories programmatically via LLMs Affected versions of this package are vulnerable to Directory Traversal via the gitinit tool. An attacker can create repositories at arbitrary...

8.8CVSS7.3AI score0.07822EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/12/17 7:49 p.m.11 views

mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations

In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other tools which required an existing repository, gitinit could operate on any directory accessible to the server proces...

8.8CVSS7AI score0.07822EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.9 views

PT-2025-51936

Name of the Vulnerable Software and Affected Versions mcp-server-git versions prior to 2025.9.25 mcp-server-git versions prior to 2025.12.18 Description The Model Context Protocol Servers, specifically the mcp-server-git component, contains a flaw in the git init tool. Prior to version 2025.9.25,...

8.8CVSS6.3AI score0.07822EPSS
Exploits0References29
Cvelist
Cvelist
added 2025/12/04 12:0 a.m.22 views

CVE-2025-65346

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...

0.00894EPSS
Exploits1References2
CVE
CVE
added 2025/12/04 12:0 a.m.15 views

CVE-2025-65346

The CVE affects alexusmai laravel-file-manager up to version 3.3.1, where the unzip/extraction feature lacks proper path validation, enabling directory traversal and potentially writing archive contents to arbitrary filesystem locations. No public fix version is indicated in the provided document...

9.1CVSS6.6AI score0.00894EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2025/10/17 12:0 a.m.5 views

Git Lfs 后置链接漏洞

Git Lfs is a command line tool from the Git Lfs team for working with large files in git projects. A backlink vulnerability exists in Git Lfs versions 0.5.2 through 3.7.0, which stems from an unchecked symbolic link that could result in writing to an arbitrary file system location...

8.6CVSS4.6AI score0.00707EPSS
Exploits0References6
OSV
OSV
added 2025/10/07 7:16 p.m.7 views

CLSA-2025-1759864577 Fix CVE(s): CVE-2025-6020

SECURITY UPDATE: fix privilege escalation in pamnamespace - debian/patches-applied/CVE-2025-6020-pre.patch: prerequisite changes - debian/patches-applied/CVE-2025-6020.patch: enforce proper handling of instance directory symlinks to prevent mounting arbitrary paths - CVE-2025-6020...

7.8CVSS7.3AI score0.00399EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-24698

Malware in sbrugna...

7.8CVSS7.6AI score0.00306EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/01 12:0 a.m.4 views

PT-2025-40296

Name of the Vulnerable Software and Affected Versions auth0-PHP versions 3.3.0 through 8.16.0 Description The Bulk User Import endpoint does not validate file path wrappers or values, potentially allowing acceptance of arbitrary file paths or URLs. This affects applications directly using the...

3.3CVSS6.8AI score0.00329EPSS
Exploits0References21
CVE
CVE
added 2025/08/21 7:59 a.m.24 views

CVE-2025-49222

Mattermost CVE-2025-49222 affects Mattermost Server versions 9.11.x, 10.5.x, 10.8.x, 10.9.x, and 10.10.x, where upload type validation in remote cluster upload sessions can be bypassed, allowing a system admin to upload non‑attachment file types that may be placed in arbitrary filesystem director...

6.8CVSS6.8AI score0.00281EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/21 7:59 a.m.3 views

CVE-2025-49222 Mattermost Shared Channel Upload Type Validation Bypass

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2, 10.10.x = 10.10.0 fail to validate upload types in remote cluster upload sessions which allows a system admin to upload non-attachment file types via shared channels that could potentially be placed in...

6.8CVSS7.3AI score0.00281EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-26954

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp...

4.3CVSS7.2AI score0.00633EPSS
Exploits0References2
CVE
CVE
added 2025/06/06 9:27 a.m.55 views

CVE-2025-48783

CVE-2025-48783 describes an external control of file name or path in the delete file function of Soar Cloud HRD Human Resource Management System, affected up to version 7.3.2025.0408. The vulnerability allows remote attackers to delete partial files by specifying arbitrary file paths. Exploitatio...

8.8CVSS6.8AI score0.0033EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/22 12:55 p.m.6 views

CVE-2024-6583

A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request...

4.3CVSS7AI score0.00547EPSS
Exploits1References1
OSV
OSV
added 2024/12/03 6:15 a.m.4 views

CVE-2024-49411

Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege...

4.6CVSS5.9AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/03 12:0 a.m.4 views

SAMSUNG mobile 安全漏洞

SAMSUNG mobile is a cell phone from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG mobile before SMR-Dec-2024 Release 1, which stems from a path traversal that allows a physical attacker to copy apk files to an arbitrary path using ThemeCenter privileges...

4.6CVSS6.5AI score0.00223EPSS
Exploits0References1
OSV
OSV
added 2024/07/29 7:15 p.m.6 views

CVE-2024-28806

An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote unauthenticated attackers can upload files at an arbitrary path...

7.5CVSS5.9AI score0.00591EPSS
Exploits0References1
CVE
CVE
added 2024/06/06 6:40 p.m.56 views

CVE-2024-3322

The CVE-2024-3322 path-traversal vulnerability affects parisneo/lollms-webui “cyber_security/codeguard” native personality up to version 9.5. The root cause is improper sanitization of user-supplied code_folder_path in lollms-webui/zoos/personalities_zoo/cyber_security/codeguard/scripts/processor...

9.8CVSS7.9AI score0.00726EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/06/06 6:40 p.m.13 views

CVE-2024-3322 Path Traversal in parisneo/lollms-webui

A path traversal vulnerability exists in the 'cybersecurity/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in the 'processfolder' function within...

8.4CVSS5.9AI score0.00726EPSS
Exploits1References4
Rows per page
Query Builder