398 matches found
PT-2025-7146 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions prior to 2.11.0 Description: A Path Traversal issue in the maxtime/api/database/database.lua file allows an authenticated remote attacker to read sensitive files via crafted HTTP requests. Recommendations: For versions...
PT-2025-7143 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions prior to 2.11.0 Description: A path traversal issue in the maxtime/api/database/database.lua file, specifically in the copy endpoint, allows an authenticated remote attacker to overwrite sensitive files via crafted HTT...
CVE-2024-5211
A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the normalizePath function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and other files stored in...
CVE-2024-0549
mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input...
Navidrome Stores JWT Secret in Plaintext in navidrome.db
Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. The JWT secret is critical for the authentication and authorization system. If...
CVE-2024-56362
Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. Th...
CVE-2024-56362 Navidrome Stores JWT Secret in Plaintext in navidrome.db
Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. Th...
CVE-2024-56362 Navidrome Stores JWT Secret in Plaintext in navidrome.db
Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. Th...
CVE-2024-56362
Navidrome is affected by CVE-2024-56362, a vulnerability where the JWT secret is stored in plaintext in the navidrome.db database file under the property table. This insecure storage allows anyone with access to the database file to retrieve the secret, potentially enabling token forgery and acco...
CVE-2024-11240
A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /database.php of the component Banco de Dados Tab. The manipulation of the argument dbloginrole leads to cross site scripting. The attack may be...
DEBIAN-CVE-2024-51747
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments, that are viewable or downloadable in Kanboard are resolved through its path entry in the projecthasfiles SQLite db...
CVE-2024-28061
An issue was discovered in Apiris Kafeo 6.4.4. It permits a bypass, of the protection in place, to access to the data stored in the embedded database file...
AnythingLLM 路径遍历漏洞
AnythingLLM is a document chatbot that meets business requirements. A path traversal vulnerability exists in AnythingLLM that stems from insufficient input validation and normalization when processing file and folder deletion requests, allowing an unauthorized attacker with a default role account...
ROS-20240404-14
The vulnerability of the library for controlling input/output to the terminal ncurses is related to the possibility of writing beyond the buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity, and availability of protected...
BIT-SQLITE-2021-45346
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries made via editing the Database File, it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain...
libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c
An improper initialization issue was found in libmaxminddb. A remote user could exploit this flaw by sending a specially crafted MaxMind DB file that, when parsed by an application linked to libmaxminddb, would possibly crash the application, resulting in a denial of service condition...
libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c
An improper initialization issue was found in libmaxminddb. A remote user could exploit this flaw by sending a specially crafted MaxMind DB file that, when parsed by an application linked to libmaxminddb, would possibly crash the application, resulting in a denial of service condition...
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2023-3438)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Information Disclosure
nautobot is vulnerable to Information Disclosure. The vulnerability exists because the library uses django-db-file-storage by default, and it does not require any user authentication to access the database file storage. This allows an attacker to view files in the database storage and potentially...
PT-2023-11905 · Rl Institut · Nesp2
Name of the Vulnerable Software and Affected Versions: rl-institut NESP2 version 1.0 Description: A critical issue has been found, allowing for sql injection through an unknown function in the file app/database.py. This can be exploited remotely. The issue has been publicly disclosed and a patch ...