Lucene search
+L

20 matches found

nvd
nvd
added 6 days ago8 views

CVE-2026-61434

PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands with these built-in actions to read blocked files,...

8.8CVSS0.00579EPSS
Exploits0References2
euvd
euvd
added 6 days ago9 views

EUVD-2026-42899

PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands with these built-in actions to read blocked files,...

8.8CVSS6.3AI score0.00579EPSS
Exploits0References2
cve
cve
added 6 days ago7 views

CVE-2026-61434

CVE-2026-61434 involves PraisonAI prior to version 4.6.78, where an allowlist bypass in shell command execution enables attackers to abuse find’s built-in -exec, -execdir, and -delete actions. By crafting find commands that use these actions, an attacker can read blocked files, delete files, or r...

8.8CVSS6.3AI score0.00579EPSS
Exploits0References2
osv
osv
added 6 days ago5 views

CVE-2026-61434 PraisonAI before 4.6.78 Allowlist Bypass via find -exec

PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands with these built-in actions to read blocked files,...

8.7CVSS6.3AI score0.00579EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/06/25 5:43 p.m.8 views

CVE-2026-54091

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, File Browser's public share handlers rebase the share owner's filesystem root to the shared directory and then evaluate descendant paths agains...

7.5CVSS5.9AI score0.00471EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/06/25 5:43 p.m.3 views

CVE-2026-54091 File Browser: Incorrect access control in public directory shares via rule path rebasing

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, File Browser's public share handlers rebase the share owner's filesystem root to the shared directory and then evaluate descendant paths agains...

7.5CVSS5.9AI score0.00471EPSS
Exploits0References5
nvd
nvd
added 2026/04/07 8:16 p.m.13 views

CVE-2026-39364

Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vite dev server, files that should be blocked by server.fs.deny e.g., .env, .crt can be retrieved with HTTP 200 responses when query parameters such as ?raw, ?import&raw, or ?import&url&inline are...

8.2CVSS0.02095EPSS
Exploits1References5
cve
cve
added 2026/04/07 7:12 p.m.30 views

CVE-2026-39364

CVE-2026-39364 affects the Vite dev server. Vulnerable versions include Vite 7.1.0 through 7.3.1 and 8.0.0 through 8.0.4; on those, files that should be blocked by server.fs.deny (e.g., .env, *.crt) could be retrieved via HTTP 200 when requesting with certain query params (?raw, ?import&raw, or ?...

8.2CVSS5.9AI score0.02095EPSS
Exploits1References5Affected Software2
attackerkb
attackerkb
added 2026/04/07 7:12 p.m.5 views

CVE-2026-39364

Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vite dev server, files that should be blocked by server.fs.deny e.g., .env, .crt can be retrieved with HTTP 200 responses when query parameters such as ?raw, ?import&raw, or ?import&url&inline are...

8.2CVSS5.9AI score0.02095EPSS
Exploits1References3Affected Software2
euvd
euvd
added 2026/04/07 7:12 p.m.8 views

EUVD-2026-19873

Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vite dev server, files that should be blocked by server.fs.deny e.g., .env, .crt can be retrieved with HTTP 200 responses when query parameters such as ?raw, ?import&raw, or ?import&url&inline are...

8.2CVSS5.9AI score0.02095EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/04/06 12:0 a.m.13 views

PT-2026-30868

Name of the Vulnerable Software and Affected Versions Vite versions 7.1.0 through 7.3.1 and 8.0.0 through 8.0.4 Description Vite, a frontend tooling framework for JavaScript, allows retrieval of files blocked by server.fs.deny such as .env and .crt files with HTTP 200 responses when specific quer...

8.2CVSS5.9AI score0.02095EPSS
Exploits1References13
nvd
nvd
added 2024/11/15 6:15 p.m.36 views

CVE-2024-52514

Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwards potentially access the blocked files...

4.1CVSS0.00471EPSS
Exploits0References4
cvelist
cvelist
added 2024/11/15 5:6 p.m.35 views

CVE-2024-52514 Nextcloud Server allows users to copy folder that contain files that are blocked by the files access control

Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwards potentially access the blocked files...

4.1CVSS0.00471EPSS
Exploits0References4
osv
osv
added 2024/11/15 5:6 p.m.15 views

CVE-2024-52514 Nextcloud Server allows users to copy folder that contain files that are blocked by the files access control

Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwards potentially access the blocked files...

4.1CVSS6.5AI score0.00471EPSS
Exploits0References6
cnnvd
cnnvd
added 2024/11/15 12:0 a.m.4 views

Nextcloud 访问控制错误漏洞

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an Access Control Error vulnerability that stems from the fact that when a file is blocked by access control, users can still copy an...

4.1CVSS6.5AI score0.00471EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2023/11/21 12:0 a.m.4 views

PT-2023-9699 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 27.1.9 Nextcloud Server versions prior to 28.0.5 Nextcloud Server versions prior to 29.0.0 Nextcloud Enterprise Server versions prior to 21.0.9.18 Nextcloud Enterprise Server versions prior to 22.2.10.23...

5.7CVSS7.2AI score0.00652EPSS
Exploits0References11
cnvd
cnvd
added 2019/03/07 12:0 a.m.3 views

OFCMS backend ueditor uploadImage file upload vulnerability

OFCMS is a content management system based on Java technology. A backend ueditor uploadImage file upload vulnerability exists in versions of OFCMS prior to 1.1.3. The vulnerability stems from the blocking of .jsp and .jspx files without taking into account the file.jsp::$DATA of the...

8.8CVSS7.6AI score0.02695EPSS
Exploits1References1
cvelist
cvelist
added 2016/12/14 12:37 a.m.26 views

CVE-2016-9209

A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. Affected Products: The following Cisco products are vulnerable: Adaptive Security Appliance ASA 5500-X Series with FirePOWER...

4.7AI score0.01184EPSS
Exploits0References2
cvelist
cvelist
added 2005/06/20 4:0 a.m.21 views

CVE-2005-1994

Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download blocked files via hex-encoded characters in a filename, as demonstrated using "%2e"...

6.7AI score0.01425EPSS
Exploits0References5
nvd
nvd
added 2005/06/14 4:0 a.m.13 views

CVE-2005-1994

Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download blocked files via hex-encoded characters in a filename, as demonstrated using "%2e"...

5CVSS6.7AI score0.01425EPSS
Exploits0References5
Rows per page
Query Builder