Lucene search
K

10 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-402 Remote Code Execution via path traversal bypass in lollms

CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder.buildextension function. The vulnerability arises from the /mountextension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure...

9.8CVSS7.6AI score0.01154EPSS
Exploits1References6
CVE
CVE
added 2026/06/29 4:0 a.m.13 views

CVE-2026-13533

CVE-2026-13533 affects agentejo Cockpit CMS up to v0.12.2 in the htaccess Handler’s /config/config.yaml, via Spyc::YAMLLoad. The vulnerability arises from YAMLLoad manipulation that can make files or directories accessible and can be exploited remotely. Exploit code has been publicly disclosed an...

6.9CVSS5.6AI score0.00286EPSS
Exploits0References5
OSV
OSV
added 2026/06/26 11:3 p.m.6 views

GHSA-5C25-7VPJ-9MQH Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key

Summary fallbackToFrontend in the dashboard's NoRoute handler treats any URL whose raw string starts with /dashboard as an admin-frontend asset request. The check uses strings.HasPrefix, not a path-segment match, so the input /dashboard../data/config.yaml is accepted; strings.TrimPrefix leaves...

9.1CVSS5.9AI score0.00451EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-40545

Name of the Vulnerable Software and Affected Versions SillyTavern versions prior to 1.18.0 Description An authentication bypass and account takeover issue exists when Authelia or Authentik SSO is enabled. The software accepts Remote-User for Authelia and X-Authentik-Username for Authentik HTTP...

9.8CVSS5.8AI score0.00218EPSS
Exploits0References11
CVE
CVE
added 2026/02/06 7:16 p.m.37 views

CVE-2026-25643

Frigate (NVR) prior to version 0.16.4 is affected by a critical Remote Command Execution (RCE) vulnerability in the go2rtc integration. The root cause is improper sanitization of user input in the video stream configuration (config.yaml), permitting injection of system commands via the exec: dire...

9.1CVSS5.6AI score0.02874EPSS
Exploits8References2Affected Software1
CVE
CVE
added 2026/01/01 7:3 a.m.40 views

CVE-2025-11157

CVE-2025-11157 is a high-severity remote code execution flaw in feast-dev/feast v0.53.0, due to unsafe YAML deserialization in the Kubernetes materializer (feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py) where yaml.load(..., Loader=yaml.Loader) processes /var/feast/feature_store....

7.8CVSS8.2AI score0.00264EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/08/21 8:36 p.m.7 views

CVE-2025-55740

nginx-defender is a high-performance, enterprise-grade Web Application Firewall WAF and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml and docker-compose.yml...

6.5CVSS7.4AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/23 12:18 a.m.6 views

CVE-2025-27100

lakeFS is an open-source tool that transforms your object storage into a Git-like repository. In affected versions an authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. This problem has been patched in version 1.50.0. Users on versio...

6.5CVSS6.4AI score0.00412EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/10/02 12:0 a.m.7 views

PT-2020-15704 · Cloudflare · Cloudflared

Name of the Vulnerable Software and Affected Versions: cloudflared versions prior to 2020.8.1 Description: The issue allows for local privilege escalation on Windows systems due to the way cloudflared searches for and reads configuration files. This could be exploited by a malicious entity to...

7.8CVSS8.5AI score0.00348EPSS
Exploits0References8
OSV
OSV
added 2016/06/08 5:59 p.m.3 views

CVE-2016-2142

Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file...

5.5CVSS5.8AI score0.0035EPSS
Exploits0References1
Rows per page
Query Builder