Lucene search
K

276 matches found

Snyk
Snyk
added 2025/06/13 1:48 p.m.1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via Script Runner tool. An attacker as an authenticated user can request any file from the Docker container via /script-api/scripts/ endpoint since these are stored in default location. Details A Directory Traversal...

9.1CVSS7.7AI score0.00856EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:13 a.m.9 views

CVE-2024-53844

E.D.D.I Enhanced Dialog Driven Interface is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to access sensitive files on the server by...

6.3CVSS7.1AI score0.00399EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:56 a.m.9 views

CVE-2023-34844

Play With Docker 0.0.2 has an insecure CAPSYSADMIN privileged mode causing the docker container to escape...

9.8CVSS6.7AI score0.00939EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:23 p.m.8 views

CVE-2020-15378

The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface...

5.3CVSS6.9AI score0.00793EPSS
Exploits0
CVE
CVE
added 2025/04/16 8:37 a.m.125 views

CVE-2024-22036

CVE-2024-22036 describes a vulnerability in Rancher where a cluster/node driver can escape the chroot jail and gain root access to the Rancher container itself, with potential privilege escalation within the container and, in test/dev environments, possible escape to the host. The issue affects R...

9.1CVSS9.7AI score0.0073EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/16 8:37 a.m.3 views

CVE-2024-22036 Rancher Remote Code Execution via Cluster/Node Drivers

A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher...

9.1CVSS9.7AI score0.0073EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:42 a.m.48 views

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities

Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.0.8. Vulnerability Details CVEID:CVE-2024-31883 DESCRIPTION: IBM Security Verify Access, under certain configurations, could allow an unauthenticated...

7.5CVSS7.6AI score0.03028EPSS
Exploits3Affected Software1
Metasploit
Metasploit
added 2025/04/07 6:50 p.m.915 views

Appsmith RCE

An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. Module Options msf use exploit/linux/http/appsmithrcecve202455964 msf exploitappsmithrcecve202455964 show targets ...targets... msf...

9.8CVSS7.4AI score0.27733EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2025/04/04 12:0 a.m.9 views

AWS SAM CLI < 1.133.0 multiple vulnerabilities

The version of AWS SAM CLI installed on the remote host is prior to 1.133.0 and is, therefore, affected by multiple vulnerabilities: - When running the AWS SAM CLI build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged...

6.9CVSS5.5AI score0.00724EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/04/02 3:42 p.m.11 views

CVE-2025-3047

When running the AWS Serverless Application Model Command Line Interface SAM CLI build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A use...

6.9CVSS7.3AI score0.00724EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/02 3:40 p.m.9 views

CVE-2025-3048

After completing a build with AWS Serverless Application Model Command Line Interface SAM CLI which include symlinks, the content of those symlinks are copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to those symlinks outsid...

6.9CVSS7.3AI score0.0062EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/28 1:21 a.m.26 views

CVE-2024-55964

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that...

9.8CVSS7.3AI score0.06268EPSS
Exploits2References1
NVD
NVD
added 2025/03/26 8:15 p.m.16 views

CVE-2024-55964

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that...

9.8CVSS0.06268EPSS
Exploits2References1
CVE
CVE
added 2025/03/26 12:0 a.m.105 views

CVE-2024-55964

CVE-2024-55964 — Appsmith RCE : A misconfigured PostgreSQL instance in the Appsmith image (pre-1.52) enables remote command execution inside the Appsmith Docker container. To exploit, an attacker must access Appsmith, log in, create a datasource, craft a query against that datasource, and execute...

9.8CVSS7.5AI score0.06268EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2025/03/26 12:0 a.m.16 views

CVE-2024-55964

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that...

0.06268EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:20 a.m.11 views

CVE-2024-8060

OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint /audio/api/v1/transcriptions that allows for arbitrary file upload. The application performs insufficient validation on the file.contenttype and allows user-controlled filenames, leading to a path traversal vulnerability...

8.1CVSS7.9AI score0.00881EPSS
Exploits0References1
OSV
OSV
added 2025/03/20 12:32 p.m.6 views

GHSA-FF5C-56M7-VC75 Open WebUI allows Remote Code Execution via Arbitrary File Upload to /audio/api/v1/transcriptions

OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint /audio/api/v1/transcriptions that allows for arbitrary file upload. The application performs insufficient validation on the file.contenttype and allows user-controlled filenames, leading to a path traversal vulnerability...

8.1CVSS8.1AI score0.00881EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.15 views

Open WebUI allows Remote Code Execution via Arbitrary File Upload to /audio/api/v1/transcriptions

OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint /audio/api/v1/transcriptions that allows for arbitrary file upload. The application performs insufficient validation on the file.contenttype and allows user-controlled filenames, leading to a path traversal vulnerability...

8.1CVSS7.7AI score0.00881EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.11 views

CVE-2024-8060 Remote Code Execution in OpenWebUI via Arbitrary File Upload

OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint /audio/api/v1/transcriptions that allows for arbitrary file upload. The application performs insufficient validation on the file.contenttype and allows user-controlled filenames, leading to a path traversal vulnerability...

8.1CVSS0.00881EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:35 p.m.13 views

CVE-2022-39206

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket e.g. /var/run/docker.sock on Linux is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daem...

9.9CVSS7.1AI score0.0165EPSS
Exploits1References1
Rows per page
Query Builder