Lucene search
K

7 matches found

OSV
OSV
added 2024/06/27 9:32 p.m.40 views

GHSA-9CHM-M6X2-6FVC lollms vulnerable to path traversal due to unauthenticated root folder settings change

A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be...

8.6CVSS8.7AI score0.00644EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/12/22 4:31 p.m.35 views

CVE-2023-49792 Bruteforce protection can be bypassed with misconfigured proxy

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a reverse proxy is configured as truste...

5.3CVSS9.8AI score0.01041EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/11/19 4:37 a.m.16 views

CVE-2021-44033

In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed...

6.9AI score0.00487EPSS
Exploits3References3
UbuntuCve
UbuntuCve
added 2021/03/03 6:15 p.m.27 views

CVE-2021-22884

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DN...

7.5CVSS6.9AI score0.32362EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2021/01/08 12:51 p.m.27 views

CVE-2020-29529

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0...

7.5CVSS3.4AI score0.02783EPSS
Exploits1References3
phpMyAdmin
phpMyAdmin
added 2016/11/25 12:0 a.m.60 views

Incorrect serialized string parsing

PMASA-2016-70 Announcement-ID: PMASA-2016-70 Date: 2016-11-25 Updated: 2016-12-06 Summary Incorrect serialized string parsing Description Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMAsafeUnserialize function. Severity We consider this...

9.8CVSS7.2AI score0.02267EPSS
Exploits0Affected Software1
phpMyAdmin
phpMyAdmin
added 2013/08/04 12:0 a.m.31 views

ClickJacking protection can be bypassed.

PMASA-2013-10 Announcement-ID: PMASA-2013-10 Date: 2013-08-04 Updated: 2013-08-05 Summary ClickJacking protection can be bypassed. Description phpMyAdmin has a number of mechanisms to avoid a clickjacking attack, however these mechanisms either work only in modern browser versions, or can be...

4.3CVSS6.8AI score0.02276EPSS
Exploits1Affected Software1
Rows per page
Query Builder