CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

RedhatCVE•added 2026/01/09 11:37 a.m.•5 views

CVE-2003-1596

NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session...

7.5CVSS7.1AI score0.0011EPSS

Exploits0References1

OSV•added 2025/09/08 10:52 p.m.•3 views

CVE-2025-58751 Vite middleware may serve files starting with the same name with the public directory

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or...

2.3CVSS6.5AI score0.01434EPSS

Exploits1References8

Vulnrichment•added 2024/11/12 8:9 p.m.•11 views

CVE-2024-11117

Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Low...

6AI score0.00039EPSS

Exploits0References2

Cvelist•added 2024/06/19 7:55 p.m.•28 views

CVE-2024-38358 Symlink bypasses filesystem sandbox in wasmer

Wasmer is a web assembly wasm Runtime supporting WASIX, WASI and Emscripten. If the preopened directory has a symlink pointing outside, WASI programs can traverse the symlink and access host filesystem if the caller sets both oflags::creat and rights::fdwrite. Programs can also crash the runtime ...

2.9CVSS0.00104EPSS

Exploits0References2

UbuntuCve•added 2021/02/09 2:15 p.m.•27 views

CVE-2021-21129

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page...

6.5CVSS7AI score0.06374EPSS

Exploits0References1

OSV•added 2021/02/09 2:15 p.m.•1 views

UBUNTU-CVE-2021-21123

Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page...

6.5CVSS6.8AI score0.01457EPSS

Exploits0References2

Tenable Nessus•added 2021/01/25 12:0 a.m.•49 views

Fedora 33 : chromium (2021-48866282e5)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-48866282e5 advisory. - Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCT...

9.6CVSS8.1AI score0.25876EPSS

Exploits4References27

RedhatCVE•added 2015/10/30 10:15 a.m.•21 views

CVE-2013-1956

The createuserns function in kernel/usernamespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call...

2.1CVSS6.8AI score0.0003EPSS

Exploits0References2

UbuntuCve•added 2013/04/24 7:55 p.m.•26 views

CVE-2013-1956

2.1CVSS5.9AI score0.0003EPSS

Exploits0References2

OSV•added 2005/09/29 12:0 a.m.•27 views

DSA-825-1 loop-aes-utils - privilege escalation

Bulletin has no description...

7.2CVSS5.3AI score0.00048EPSS

Exploits0

Rows per page