Lucene search
K

276 matches found

GithubExploit
GithubExploit
added 2025/01/16 12:16 p.m.237 views

Exploit for CVE-2025-25599

CVE-2025-25599 Details Bolt is an o...

7.8AI score
Exploits1
Vulnrichment
Vulnrichment
added 2024/11/26 6:37 p.m.10 views

CVE-2024-53844 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in labsai/eddi

E.D.D.I Enhanced Dialog Driven Interface is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to access sensitive files on the server by...

6.3CVSS7.3AI score0.00399EPSS
Exploits0References2
CVE
CVE
added 2024/11/26 6:37 p.m.84 views

CVE-2024-53844

CVE-2024-53844 affects labsai/eddi (EDDI), a middleware for LLM API bots. The vulnerability is a path traversal in the backup export functionality, exploitable via the botFilename parameter in RestExportService.java. Input is not properly sanitized, allowing attackers to access arbitrary files in...

6.3CVSS6.5AI score0.00399EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/26 6:37 p.m.30 views

CVE-2024-53844 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in labsai/eddi

E.D.D.I Enhanced Dialog Driven Interface is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to access sensitive files on the server by...

6.3CVSS0.00399EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/09/23 8:30 p.m.41 views

lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)

Summary SSRF protection implemented in https://github.com/lobehub/lobe-chat/blob/main/src/app/api/proxy/route.ts does not consider redirect and could be bypassed when attacker provides external malicious url which redirects to internal resources like private network or loopback address. PoC 1. Ru...

9CVSS6.6AI score0.10996EPSS
Exploits4References6Affected Software1
OSV
OSV
added 2024/09/11 7:20 p.m.6 views

GHSA-635V-PC42-FR74 AWS SageMaker Training Toolkit logs CodeArtifact Authorization token

Description For SageMaker Training Toolkit1 versions 4.7.4; 4.7.3; 4.7.2; 4.7.1; 4.7.0, the authorization tokens for CodeArtifact temporary token with an expiration of 12 hours were logged in the log files when the CodeArtifact capability was enabled. If customers push these log files to their...

5.6CVSS6.7AI score
Exploits0References3
OSV
OSV
added 2024/09/11 5:15 p.m.8 views

CVE-2024-20483

Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager Mongo...

7.2CVSS6.1AI score0.01098EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/11 12:0 a.m.6 views

Cisco IOS XR 安全漏洞

Cisco IOS XR is a set of operating systems developed by Cisco USA for its network devices. A security vulnerability exists in Cisco IOS XR that stems from the software running as a Docker container on hardware supported by the Cisco IOS XR software, which could allow an authenticated, remote...

7.2CVSS7.8AI score0.01098EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2024/09/09 7:9 p.m.529 views

Exploit for Code Injection in Sqlpad

CVE-2022-0944 SQLPad - Template injection This is a blind vul...

9.1CVSS8.2AI score0.08669EPSS
Exploits12
BDU FSTEC
BDU FSTEC
added 2024/08/30 12:0 a.m.8 views

The vulnerability of the API journal of the deployment and email server management tool based on Docker container technology, mailcow:dockerized, allows a attacker to execute arbitrary code.

The vulnerability of the log function API of the deployment and email server management tool based on Docker container technology, mailcow:dockerized, is related to the lack of security measures for the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

9CVSS5.9AI score0.00332EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/08/21 3:29 p.m.18 views

GO-2022-0903 Denial-of-Service within Docker container in ktbs.dev/teler

Denial-of-Service within Docker container in ktbs.dev/teler...

7.5CVSS7.5AI score0.01412EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2024/04/29 9:58 a.m.24 views

Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover

Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three flaws, all critical in nature, allow an "adversary with sufficient access to perform a sandbox escape and...

10CVSS8.7AI score0.20179EPSS
Exploits2
Kitploit
Kitploit
added 2024/04/05 11:30 a.m.45 views

Attackgen - Cybersecurity Incident Response Testing Tool That Leverages The Power Of Large Language Models And The Comprehensive MITRE ATT&CK Framework

AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident response scenarios based on user-selected threat actor groups and your organisation's details. Star the...

7.4AI score
Exploits0References3
NVD
NVD
added 2024/02/13 7:15 p.m.27 views

CVE-2024-1355

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...

9.1CVSS9.5AI score0.02363EPSS
Exploits0References4
Prion
Prion
added 2024/02/13 7:15 p.m.21 views

Command injection

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...

5.8CVSS7.7AI score0.02363EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/13 6:51 p.m.93 views

CVE-2024-1355

CVE-2024-1355 describes a command injection in GitHub Enterprise Server. An attacker with the Management Console editor role could exploit the actions-console docker container to gain admin SSH access to the appliance by manipulating a service URL. Exploitation required access to the GitHub Enter...

9.1CVSS9.4AI score0.02363EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/13 6:51 p.m.5 views

CVE-2024-1355 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...

9.1CVSS7.7AI score0.02363EPSS
Exploits0References4
OSV
OSV
added 2024/02/03 1:15 a.m.3 views

CVE-2023-43016

IBM Security Access Manager Container IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1 could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154...

7.3CVSS5.8AI score0.00713EPSS
Exploits1References3
OSV
OSV
added 2024/02/02 3:28 p.m.26 views

CVE-2024-24760 Mailcow Docker Container Exposure to Local Network

mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container,...

8.8CVSS7.3AI score0.00868EPSS
Exploits0References4
CVE
CVE
added 2024/02/02 3:28 p.m.42 views

CVE-2024-24760

CVE-2024-24760 affects mailcow, a dockerized mail suite, with exposed dockerized ports. The root issue: containers on a bridged network are reachable from the same subnet even when ports are bound to 127.0.0.1, enabling potential access to exposed ports. Affected versions are prior to 2024-01c. T...

8.8CVSS7AI score0.00868EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder