Lucene search
K

398 matches found

Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.6 views

PT-2025-7146 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions prior to 2.11.0 Description: A Path Traversal issue in the maxtime/api/database/database.lua file allows an authenticated remote attacker to read sensitive files via crafted HTTP requests. Recommendations: For versions...

4.9CVSS6.6AI score0.00698EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.8 views

PT-2025-7143 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions prior to 2.11.0 Description: A path traversal issue in the maxtime/api/database/database.lua file, specifically in the copy endpoint, allows an authenticated remote attacker to overwrite sensitive files via crafted HTT...

7.2CVSS6.7AI score0.00775EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/02/05 6:26 a.m.8 views

CVE-2024-5211

A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the normalizePath function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and other files stored in...

9.1CVSS9.2AI score0.01046EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:4 p.m.6 views

CVE-2024-0549

mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input...

8.1CVSS8AI score0.00819EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2024/12/23 8:17 p.m.35 views

Navidrome Stores JWT Secret in Plaintext in navidrome.db

Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. The JWT secret is critical for the authentication and authorization system. If...

7.1CVSS7.1AI score0.0015EPSS
Exploits0References7Affected Software1
AlpineLinux
AlpineLinux
added 2024/12/23 6:15 p.m.2 views

CVE-2024-56362

Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. Th...

7.1CVSS7.2AI score0.0015EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/23 5:19 p.m.14 views

CVE-2024-56362 Navidrome Stores JWT Secret in Plaintext in navidrome.db

Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. Th...

7.1CVSS6.8AI score0.0015EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/23 5:19 p.m.33 views

CVE-2024-56362 Navidrome Stores JWT Secret in Plaintext in navidrome.db

Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. Th...

7.1CVSS0.0015EPSS
Exploits0References3
CVE
CVE
added 2024/12/23 5:19 p.m.107 views

CVE-2024-56362

Navidrome is affected by CVE-2024-56362, a vulnerability where the JWT secret is stored in plaintext in the navidrome.db database file under the property table. This insecure storage allows anyone with access to the database file to retrieve the secret, potentially enabling token forgery and acco...

7.1CVSS6.8AI score0.0015EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/11/15 2:15 p.m.2 views

CVE-2024-11240

A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /database.php of the component Banco de Dados Tab. The manipulation of the argument dbloginrole leads to cross site scripting. The attack may be...

6.1CVSS3.7AI score0.00412EPSS
Exploits1References4
OSV
OSV
added 2024/11/11 8:15 p.m.2 views

DEBIAN-CVE-2024-51747

Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments, that are viewable or downloadable in Kanboard are resolved through its path entry in the projecthasfiles SQLite db...

7.2CVSS5.7AI score0.00816EPSS
Exploits1References1
NVD
NVD
added 2024/05/28 8:16 p.m.9 views

CVE-2024-28061

An issue was discovered in Apiris Kafeo 6.4.4. It permits a bypass, of the protection in place, to access to the data stored in the embedded database file...

6.3CVSS6.2AI score0.00299EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.4 views

AnythingLLM 路径遍历漏洞

AnythingLLM is a document chatbot that meets business requirements. A path traversal vulnerability exists in AnythingLLM that stems from insufficient input validation and normalization when processing file and folder deletion requests, allowing an unauthorized attacker with a default role account...

8.1CVSS8AI score0.00819EPSS
Exploits1References4
Redos
Redos
added 2024/04/04 12:0 a.m.35 views

ROS-20240404-14

The vulnerability of the library for controlling input/output to the terminal ncurses is related to the possibility of writing beyond the buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity, and availability of protected...

7.8CVSS6.9AI score0.00923EPSS
Exploits1
OSV
OSV
added 2024/03/06 11:6 a.m.26 views

BIT-SQLITE-2021-45346

A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries made via editing the Database File, it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain...

4.3CVSS4.8AI score0.01614EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/02/08 6:10 p.m.6 views

libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c

An improper initialization issue was found in libmaxminddb. A remote user could exploit this flaw by sending a specially crafted MaxMind DB file that, when parsed by an application linked to libmaxminddb, would possibly crash the application, resulting in a denial of service condition...

6.5CVSS6.7AI score0.02133EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/02/08 6:8 p.m.4 views

libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c

An improper initialization issue was found in libmaxminddb. A remote user could exploit this flaw by sending a specially crafted MaxMind DB file that, when parsed by an application linked to libmaxminddb, would possibly crash the application, resulting in a denial of service condition...

6.5CVSS6.7AI score0.02133EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2023/12/15 12:0 a.m.11 views

Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2023-3438)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8.2AI score0.00923EPSS
Exploits1References2
Veracode
Veracode
added 2023/12/13 6:19 a.m.16 views

Information Disclosure

nautobot is vulnerable to Information Disclosure. The vulnerability exists because the library uses django-db-file-storage by default, and it does not require any user authentication to access the database file storage. This allows an attacker to view files in the database storage and potentially...

5.3CVSS7.3AI score0.00748EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/03 12:0 a.m.8 views

PT-2023-11905 · Rl Institut · Nesp2

Name of the Vulnerable Software and Affected Versions: rl-institut NESP2 version 1.0 Description: A critical issue has been found, allowing for sql injection through an unknown function in the file app/database.py. This can be exploited remotely. The issue has been publicly disclosed and a patch ...

9.8CVSS7.6AI score0.00758EPSS
Exploits0References9
Rows per page
Query Builder