Lucene search
K

116 matches found

Redos
Redos
added 2025/07/10 12:0 a.m.5 views

ROS-20250710-07

YAML LibYAML analysis and creation library vulnerability is related to insufficient validation of user data in the LoadFile method. user data in the LoadFile method. Exploitation of the vulnerability could allow an attacker, acting remotely, to overwrite arbitrary files on the system...

9.1CVSS9.2AI score0.00368EPSS
Exploits1
NVD
NVD
added 2025/06/09 1:15 p.m.18 views

CVE-2025-5879

A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the file AdminSysConfigController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate t...

5.4CVSS0.00247EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.5 views

PT-2025-24323 · Unknown · Code-Projects Laundry System

Name of the Vulnerable Software and Affected Versions: code-projects Laundry System version 1.0 Description: A vulnerability has been found in the code-projects Laundry System, classified as problematic. This issue affects unknown code of the file /data/edit type.php. The manipulation of the Type...

5.4CVSS3.8AI score0.00239EPSS
Exploits1References9
CVE
CVE
added 2025/06/05 10:0 a.m.54 views

CVE-2025-5651

CVE-2025-5651 affects code-projects Traffic Offense Reporting System 1.0. The vulnerability is caused by cross-site scripting in saveuser.php due to improper handling of input parameters (user_id/username/email/name/position), enabling injection of arbitrary scripts. Reports across multiple sourc...

5.4CVSS3.8AI score0.00239EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 10:21 a.m.6 views

CVE-2024-7309

A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. This affects an unknown part of the file entry.php. The manipulation of the argument school leads to cross site scripting. It is possible to initiate the attack remotely. The exploit h...

5.4CVSS6.2AI score0.00438EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:40 a.m.7 views

CVE-2024-1268

A vulnerability, which was classified as critical, was found in CodeAstro Restaurant POS System 1.0. This affects an unknown part of the file updateproduct.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

9.8CVSS6.9AI score0.00592EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/06 11:31 p.m.6 views

CVE-2025-3326 iteaj iboot 物联网网关 File Upload upload cross site scripting

A vulnerability has been found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This vulnerability affects unknown code of the file /common/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack can be initiated remotely. The...

5.1CVSS6.4AI score0.00402EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/03/11 10:0 p.m.7 views

CVE-2025-2211 aitangbao springboot-manager add cross site scripting

A vulnerability was found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sysDictDetail/add. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit h...

4.8CVSS3.3AI score0.00448EPSS
Exploits1References4
NVD
NVD
added 2025/03/11 2:15 p.m.17 views

CVE-2025-2195

A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is the function rename of the file /admin/file/rename.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument name/path leads to cross site scripting. It is possib...

6.1CVSS0.00311EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/02/19 4:46 p.m.7 views

CVE-2025-24965 .krun_config.json symlink attack creates or overwrites file on the host in crun

crun is an open source OCI Container Runtime fully written in C. In affected versions A malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current...

8.5CVSS7AI score0.00533EPSS
Exploits0References3
NVD
NVD
added 2025/02/10 9:15 p.m.4 views

CVE-2025-1157

A vulnerability was found in Allims lab.online up to 20250201 and classified as critical. This issue affects some unknown processing of the file /model/modelrecuperarsenha.php. The manipulation of the argument recuperacao leads to sql injection. The attack may be initiated remotely. The exploit h...

6.5CVSS0.00311EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/03/23 7:31 p.m.27 views

CVE-2023-1607 novel-plus list sql injection

A vulnerability was found in novel-plus 3.6.2. It has been classified as critical. This affects an unknown part of the file /common/sysFile/list. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

5.8CVSS9.2AI score0.00731EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2020/12/02 12:0 a.m.7 views

PT-2020-13571 · Pixar · Pixar Openusd

Name of the Vulnerable Software and Affected Versions: Pixar OpenUSD version 20.05 Description: A heap overflow issue exists when the software parses compressed sections in binary USD files. This occurs due to the way path jumps are processed in specially crafted USDC file formats, leading to a...

8.8CVSS8.2AI score0.0133EPSS
Exploits1References4
OSV
OSV
added 2020/05/29 6:16 p.m.4 views

OPENSUSE-SU-2020:0744-1 Security update for trousers

This update for trousers fixes the following issues: - CVE-2019-18898: Fixed a local symlink attack where a rogue tss user could have gain ownership of arbitrary files in the system during installation/update of the trousers package bsc1157651. This update was imported from the...

7.8CVSS7.6AI score0.00482EPSS
Exploits1References3
OSV
OSV
added 2016/01/08 7:59 p.m.10 views

CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a 1 .aux, 2 .log, 3 .out, 4 .pdf, or 5 .toc extension for the file name, as demonstrated by .thesis.tex.aux...

3.3CVSS6.5AI score0.00394EPSS
Exploits0References7
OSV
OSV
added 2014/01/26 1:55 a.m.7 views

CVE-2014-0027

The playwavefromsocket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information...

6AI score
Exploits0References7
OSV
OSV
added 2013/08/23 4:55 p.m.11 views

CVE-2013-3368

bin/rt in Request Tracker RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name...

8.2AI score
Exploits0References7
Vulnerability Lab
Vulnerability Lab
added 2013/05/04 12:0 a.m.16 views

File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities

Document Title: =============== File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=939 Release Date: ============= 2013-05-04 Vulnerability Laboratory ID VL-ID: ====================================...

7.1AI score
Exploits0
OSV
OSV
added 2012/11/18 11:55 p.m.11 views

CVE-2012-4417

GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...

6.1AI score
Exploits0References5
OSV
OSV
added 2012/07/12 8:55 p.m.7 views

CVE-2012-1174

The rmrfchildren function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session."...

6.4AI score
Exploits0References6
Rows per page
Query Builder