Lucene search
K

41 matches found

Cvelist
Cvelist
added 2025/12/31 12:0 a.m.23 views

CVE-2025-61037

A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The flaw is a Time-of-Check Time-of-Use TOCTOU race condition in the license management logic. The regService process, which runs with SYSTEM privileges, creates a fixed directory and writes files...

0.0014EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/16 12:26 a.m.7 views

CVE-2025-65213

MooreThreads torchmusa through all versions contains an unsafe deserialization vulnerability in torchmusa.utils.comparetool. The compareforsingleop and naninftrackforsingleop functions use pickle.load on user-controlled file paths without validation, allowing arbitrary code execution. An attacker...

9.8CVSS8.7AI score0.00619EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.4 views

CMSimple_XH 安全漏洞

CMSimpleXH is a PHP-based content management system derived from the original CMSimple project and belongs to its offshoot version. CMSimpleXH suffers from a cross-site scripting vulnerability that stems from not cleaning or coding path segments under the control of an attacker, no details of the...

7.1CVSS5.6AI score0.00323EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-8461

Malicious code in bioql PyPI...

9.3CVSS6.5AI score0.01598EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:49 p.m.9 views

CVE-2021-33724

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an arbitrary file or directory under a user controlled path...

9.1CVSS6.9AI score0.00999EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/31 12:0 a.m.6 views

Ollama 安全漏洞

Ollama is a large language model that can be started and run locally from the Ollama open source. A security vulnerability exists in Ollama versions prior to 0.1.34, which stems from the CreateModelHandler function reading a file using os.Open, where the req.Path parameter can be controlled by th...

7.5CVSS8.8AI score0.02683EPSS
Exploits1References3
OSV
OSV
added 2024/07/02 8:15 p.m.19 views

CVE-2022-30636

httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator \ vs. /, allowing a user to provide a relative path, i.e...

6.8AI score
Exploits0References3
CNNVD
CNNVD
added 2024/05/15 12:0 a.m.4 views

Cisco Crosswork Network Services Orchestrator 安全漏洞

Cisco Crosswork Network Services Orchestrator is a network services orchestrator from Cisco USA. A security vulnerability exists in Cisco Crosswork Network Services Orchestrator that originates from the use of a user-controlled search path to locate executables, allowing an authenticated, local...

7.8CVSS6.5AI score0.00198EPSS
Exploits0References2
OSV
OSV
added 2023/04/12 9:45 p.m.51 views

GO-2023-1713 Path traversal in github.com/sjqzhang/go-fastdfs

An attacker can craft a remote request to upload a file to "/group1/upload" that uses path traversal to instead write the file contents to an attacker controlled path on the server...

9.8CVSS8.3AI score0.03524EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2023/03/29 3:15 p.m.3 views

CVE-2023-28892

Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleanerDebug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link...

7.8CVSS5.9AI score0.00489EPSS
Exploits0References4
OSV
OSV
added 2023/03/29 3:15 p.m.13 views

CVE-2023-28892

Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleanerDebug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link...

7.8CVSS5.8AI score0.00489EPSS
Exploits0References3
NVD
NVD
added 2023/02/14 11:15 a.m.24 views

CVE-2022-35868

A vulnerability has been identified in TIA Multiuser Server V14 All versions, TIA Multiuser Server V15 All versions V15.1 Update 8, TIA Project-Server All versions V1.1, TIA Project-Server V16 All versions, TIA Project-Server V17 All versions V17 Update 6. Affected applications contain an untrust...

7.3CVSS6.4AI score0.00192EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/01/20 12:0 a.m.3 views

PT-2023-18667 · Act · Act

Name of the Vulnerable Software and Affected Versions: act versions prior to 0.2.40 Description: The artifact server in act does not sanitize path inputs, allowing an attacker to download and overwrite arbitrary files on the host from a Github Action, potentially leading to privilege escalation...

8.8CVSS7.3AI score0.01256EPSS
Exploits1References15
OSV
OSV
added 2022/07/28 1:15 a.m.5 views

CVE-2022-36991

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path o...

6.5CVSS5.8AI score0.0058EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/07/28 1:15 a.m.4 views

CVE-2022-36991

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path o...

8.1CVSS5.8AI score0.0058EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/07/18 12:0 a.m.7 views

Dompdf 安全漏洞

Dompdf is an HTML to PDF converter. A security vulnerability exists in Dompdf versions prior to 2.0.0, which originates from an externally controlled filename or path...

5.3CVSS7.3AI score0.00913EPSS
Exploits1References8
CNVD
CNVD
added 2021/10/13 12:0 a.m.21 views

Siemens SINEC NMS Path Traversal Vulnerability (CNVD-2021-77583)

SINEC NMS is Siemens' network management system for monitoring and managing industrial networks. A path traversal vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1. The vulnerability stems from the fact that the affected system allows arbitrary files to be downloaded under...

7.5CVSS7.7AI score0.01176EPSS
Exploits0References1
OSV
OSV
added 2021/10/12 10:15 a.m.3 views

CVE-2021-33724

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an arbitrary file or directory under a user controlled path...

9.1CVSS5.8AI score0.00999EPSS
Exploits0References1
OSV
OSV
added 2021/10/12 10:15 a.m.4 views

CVE-2021-33725

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system allows to delete arbitrary files or directories under a user controlled path and does not correctly check if the relative path is still within the intended target directory...

9.1CVSS5.8AI score0.00999EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/10/12 9:49 a.m.24 views

CVE-2021-33724

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an arbitrary file or directory under a user controlled path...

9.3AI score0.00999EPSS
Exploits0References1
Rows per page
Query Builder