Lucene search
K

7 matches found

ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-59723

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOMSECRET is unset for loc...

8.8CVSS6.1AI score
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/05/29 7:18 p.m.8 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the path query parameter of the volume browser endpoint, which is passed unsanitized to a shell command. An attacker can execute arbitrary commands within the helper container by injecting shell metacharacters into...

6.3CVSS6AI score0.0021EPSS
Exploits0References2
Veracode
Veracode
added 2026/01/27 1:30 p.m.6 views

Directory Traversal

Swing Music is vulnerable to Directory Traversal. The vulnerability is due to insufficient path validation in the listfolders function of the /folder/dir-browser endpoint, which allows an authenticated attacker to traverse the filesystem and browse arbitrary directories on the server...

5.3CVSS6AI score0.00511EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 1:2 a.m.12 views

Swing Music has a Directory Traversal & Filesystem can be accessed by a non-admin user

Summary Swing Music's listfolders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server filesystem. Details The @api.post"/dir-browser" endpoint lacks proper path...

5.3CVSS5.8AI score0.00511EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/01/21 1:2 a.m.9 views

GHSA-PJ88-9XWW-GXMH Swing Music has a Directory Traversal & Filesystem can be accessed by a non-admin user

Summary Swing Music's listfolders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server filesystem. Details The @api.post"/dir-browser" endpoint lacks proper path...

5.3CVSS5.9AI score0.00511EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/01/19 12:0 a.m.10 views

SwingMusic: Access control error vulnerability

SwingMusic is an open-source local music player developed by Swing Music. Versions of SwingMusic prior to 2.1.4 contained a access control error vulnerability. This vulnerability stemmed from a directory traversal vulnerability in the listfolders function within the /folder/dir-browser endpoint,...

5.3CVSS5.8AI score0.00511EPSS
Exploits1References3
Veracode
Veracode
added 2023/04/24 9:21 a.m.15 views

Cross-Site Scripting (XSS)

sidekiq is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of user-input sanitization in application.rb which allows an attacker to inject and execute arbitrary JavaScript into the browser through the /metric endpoint...

9.6CVSS8.5AI score0.02742EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder