Lucene search
K

63 matches found

RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-54528

A flaw was found in JupyterLab Git, a Git extension for JupyterLab. This vulnerability allows an authenticated user on a case-insensitive filesystem to bypass administrator-configured excluded paths by varying the case of the URL path segment. This bypass enables the user to read file content, vi...

7.1CVSS6AI score0.00285EPSS
Exploits0References6
CVE
CVE
added last week26 views

CVE-2026-54528

Summary of vulnerability (CVE-2026-54528): The jupyterlab-git extension for JupyterLab is affected prior to version 0.54.0. On case-insensitive filesystems (e.g., macOS APFS, Windows NTFS), the code path that enforces excluded_paths uses fnmatch.fnmatchcase(), which is case-sensitive and can be b...

7.1CVSS6AI score0.00285EPSS
Exploits0References3
OSV
OSV
added 2026/06/19 7:36 p.m.9 views

GHSA-436Q-JWFR-RM2H jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories

Summary jupyterlab-git 0.53.0 latest, 2026-04-30 uses fnmatch.fnmatchcase in GitHandler.prepare jupyterlabgit/handlers.py:91 to enforce the admin-configured excludedpaths security control. Because fnmatchcase is unconditionally case-sensitive, an authenticated user on a case-insensitive filesyste...

7.1CVSS6AI score0.00285EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 7:32 a.m.8 views

Security Bulletin:DevOps Test Embedded for Eclipse IDE is vulnerable to XXE injection & RCE due to use of JGit and EGit ( CVE-2023-4759 and CVE-2025-4949)

Summary Due to the use of JGit and EGit, DevOps Test Embedded for Eclipse contains vulnerabilities that could lead to unauthorized file access via XML External Entity XXE injection, and arbitrary file overwrites on case-insensitive filesystems that can lead to Remote Code Execution RCE. This only...

8.8CVSS7.7AI score0.01884EPSS
Exploits1Affected Software1
NVD
NVD
added 2026/02/09 10:15 a.m.12 views

CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

5.3CVSS0.00363EPSS
Exploits0References2
OSV
OSV
added 2026/01/28 11:0 p.m.5 views

GHSA-F72R-2H5J-7639 SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal

File Read Interface Case Bypass Vulnerability Vulnerability Name File Read Interface Case Bypass Vulnerability Overview The /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can...

8.7CVSS5.6AI score0.00505EPSS
Exploits1References5
NVD
NVD
added 2026/01/20 1:15 a.m.7 views

CVE-2026-23950

node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, In which it has...

8.8CVSS0.00233EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-1513

Malware in sbrugna...

8.2CVSS7.4AI score0.00576EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2006-0766

Malware in sbrugna...

2.6CVSS6.4AI score0.02236EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: nodejs (UTSA-2025-680628)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680628 advisory. @npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarantee tha...

8.2CVSS7.7AI score0.00576EPSS
Exploits0References4
CVE
CVE
added 2025/10/03 8:15 p.m.40 views

CVE-2025-59944

Cursor IDE versions 1.6.23 and earlier are affected by a vulnerability in how sensitive files are protected (notably /.cursor/mcp.json). The issue arises from case-sensitive checks that can be bypassed, allowing an attacker to modify sensitive files via prompt injection and achieve remote code ex...

9.8CVSS7.8AI score0.00337EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/03 5:28 p.m.5 views

CVE-2025-61593 Cursor CLI Agent: Sensitive File Overwrite Bypass

Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI Agent protects its sensitive files i.e. /.cursor/cli.json allows attackers to modify the content of the files through prompt injection, thus achieving remote code execution. A...

7.1CVSS7.8AI score0.00381EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.5 views

PT-2025-40600

Name of the Vulnerable Software and Affected Versions Cursor versions 1.6.23 and below Description Cursor IDE has case-sensitive checks when protecting sensitive files, such as /.cursor/mcp.json. This allows attackers to modify these files through prompt injection, potentially leading to remote...

9.8CVSS6.5AI score0.00337EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2025/07/16 3:28 p.m.64 views

tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation

The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...

9.8CVSS7.6AI score0.44312EPSS
Exploits13References6
RedHat Linux
RedHat Linux
added 2025/05/08 12:17 p.m.5 views

tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation

The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...

9.8CVSS7.6AI score0.44312EPSS
Exploits13References6
GithubExploit
GithubExploit
added 2025/03/06 9:40 a.m.569 views

Exploit for Unrestricted Upload of File with Dangerous Type in Git

CVE-2024-32002: Exploiting Git RCE via git clone This repos...

9CVSS8.1AI score0.25334EPSS
Exploits32
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2023-4759

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git...

8.8CVSS7.1AI score0.01884EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/02/14 6:50 a.m.3 views

SUSE CVE-2023-4759

Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

7.5CVSS8.6AI score0.01884EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/02/14 5:35 a.m.3 views

SUSE CVE-2024-10389

There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems e.g., NTFS. This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc...

7.5CVSS6.6AI score0.00194EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/02/05 7:16 a.m.11 views

CVE-2024-23331

Vite is a frontend tooling framework for javascript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...

7.5CVSS7.4AI score0.03152EPSS
Exploits2References1
Rows per page
Query Builder