Lucene search
K

3 matches found

Github Security Blog
Github Security Blog
added 2026/05/18 4:21 p.m.18 views

CI4MS Fileeditor allows deletion and rename of critical application files due to missing extension allowlist on destructive operations

Summary The Fileeditor module enforces an extension allowlist 'css','js','html','txt','json','sql','md' on content-write operations saveFile, createFile, but two destructive endpoints — deleteFileOrFolder and renameFile — never validate the extension of the source path. A backend user with...

6AI score0.00037EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/12 12:0 a.m.13 views

The vulnerability of SonicWall SMA 100 series network firewall microprogramming software lies in the lack of access control over critical files and directories. This allows a hacker to delete any file and reset the system to its factory settings.

The vulnerability of SonicWall SMA 100 network firewall microprogramming software is related to the lack of access control over critical files and directories. Exploiting this vulnerability could allow a remote attacker to delete any file and reset the system to its factory settings...

9CVSS8.1AI score0.06787EPSS
Exploits1References4Affected Software5
OSV
OSV
added 2019/01/24 3:29 p.m.4 views

CVE-2019-1647

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit thi...

8CVSS7.3AI score0.00808EPSS
Exploits0References2
Rows per page
Query Builder