Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

OSV
OSVadded 7 hours ago3 views

GHSA-H535-J5HR-MV56 DbGate: Zip Slip in archive/unzip allows arbitrary file write leading to RCE

The unzipDirectory function in packages/api/src/shell/unzipDirectory.js line 27 does not validate that extracted file paths stay within the output directory. A malicious ZIP with ../ entries writes files anywhere on the filesystem. In the default Docker deployment, DbGate runs as root and the non...

9.3CVSS5.5AI score
Exploits0References3
Github Security Blog
Github Security Blogadded 7 hours ago5 views

DbGate: Zip Slip in archive/unzip allows arbitrary file write leading to RCE

The unzipDirectory function in packages/api/src/shell/unzipDirectory.js line 27 does not validate that extracted file paths stay within the output directory. A malicious ZIP with ../ entries writes files anywhere on the filesystem. In the default Docker deployment, DbGate runs as root and the non...

5.5AI score
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2022/01/24 7:15 p.m.5 views

CVE-2022-23126

TeslaMate before 1.25.1 when using the default Docker configuration allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for Tesla API calls...

9.8CVSS5.8AI score0.01027EPSS
Exploits0References7
Rows per page
Query Builder