Lucene search
K

45 matches found

RedhatCVE
RedhatCVE
added 2025/03/09 4:31 p.m.22 views

CVE-2025-27519

Cognita is a RAG Retrieval Augmented Generation Framework for building modular, open source applications for production by TrueFoundry. A path traversal issue exists at /v1/internal/upload-to-local-directory which is enabled when the Local env variable is set to true, such as when Cognita is setu...

9.3CVSS7.7AI score0.01271EPSS
Exploits1References1
NVD
NVD
added 2025/03/07 4:15 p.m.25 views

CVE-2025-27519

Cognita is a RAG Retrieval Augmented Generation Framework for building modular, open source applications for production by TrueFoundry. A path traversal issue exists at /v1/internal/upload-to-local-directory which is enabled when the Local env variable is set to true, such as when Cognita is setu...

9.3CVSS0.01271EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/03/07 3:36 p.m.8 views

CVE-2025-27519 Cognita Arbitrary File Write

Cognita is a RAG Retrieval Augmented Generation Framework for building modular, open source applications for production by TrueFoundry. A path traversal issue exists at /v1/internal/upload-to-local-directory which is enabled when the Local env variable is set to true, such as when Cognita is setu...

9.3CVSS7.9AI score0.01271EPSS
Exploits1References3
CVE
CVE
added 2025/03/07 3:36 p.m.85 views

CVE-2025-27519

CVE-2025-27519 concerns Cognita, a TrueFoundry RAG framework. A path traversal flaw exists in the Docker/deployed setup when LocalEnv is true, exploitable via /v1/internal/upload-to-local-directory. An attacker can overwrite /app/backend/init .py, and due to uvicorn with auto-reload in the contai...

9.3CVSS7.9AI score0.01271EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2025/02/17 12:0 a.m.7 views

The vulnerability of the application access protection software in Docker environments. IBM Security Verify Access Docker, a access management system from IBM Security Verify Access, has a flaw related to the lack of necessary verification during password changes. This allows attackers to alter user passwords.

The vulnerability of the Docker-based application access control software, IBM Security Verify Access, lies in the lack of necessary authentication during password changes. Exploiting this vulnerability allows an attacker to remotely change a user’s password...

5.6CVSS5.5AI score0.00259EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2025/01/21 8:11 p.m.16 views

GHSA-43C9-GW4X-PCX6 Authenticated arbitrary file deletion in YesWiki

Authenticated arbitrary file deletion in YesWiki fmRestore; $this-fmShowtrue, $isAction; break; case 'erase': $this-fmErase; $this-fmShowtrue, $isAction; break; case 'del': $this-fmDelete; $this-fmShowfalse, $isAction; break; case 'trash': $this-fmShowtrue, $isAction; break; case 'emptytrash':...

7.1CVSS6.8AI score0.00568EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/01/21 8:11 p.m.17 views

Authenticated arbitrary file deletion in YesWiki

Authenticated arbitrary file deletion in YesWiki fmRestore; $this-fmShowtrue, $isAction; break; case 'erase': $this-fmErase; $this-fmShowtrue, $isAction; break; case 'del': $this-fmDelete; $this-fmShowfalse, $isAction; break; case 'trash': $this-fmShowtrue, $isAction; break; case 'emptytrash':...

7.1CVSS6.8AI score0.00568EPSS
Exploits1References4Affected Software1
GithubExploit
GithubExploit
added 2024/08/15 9:47 a.m.870 views

Exploit for Generation of Error Message Containing Sensitive Information in Apache Tomcat

PoC exploit for CVE-2024-21733, a vulnerability in Apache Tomcat...

5.3CVSS8.1AI score0.14286EPSS
Exploits3
GithubExploit
GithubExploit
added 2024/08/13 2:9 p.m.497 views

Exploit for Infinite Loop in Nlnetlabs Unbound

This is a PoC exploit for CVE-2024-1931. The target product/serv...

7.5CVSS6.7AI score0.02516EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2024/01/23 12:0 a.m.6 views

The vulnerability of the software protection mechanism for accessing applications in Docker environments. IBM Security Verify Access Docker, a access control system from IBM Security Verify Access, is vulnerable due to the lack of encryption measures for protected data. This allows attackers to disclose the protected information.

The vulnerability of the IBM Security Verify Access application for Docker environments stems from the lack of encryption measures for protected data. Exploiting this vulnerability can allow attackers to disclose protected information...

5.5CVSS6.6AI score0.00148EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/01/23 12:0 a.m.5 views

The vulnerability of the software protection mechanism for accessing applications in Docker environments. IBM Security Verify Access Docker, a access control system from IBM Security Verify Access, has a flaw related to incorrect URL definition before file access. This allows attackers to elevate their privileges to the root level.

The vulnerability of the Docker-based application access control software, IBM Security Verify Access, stems from an incorrect definition of the link before accessing a file. Exploiting this vulnerability could allow attackers to elevate their privileges to the root level...

7.8CVSS7.4AI score0.00247EPSS
Exploits1References2Affected Software1
GithubExploit
GithubExploit
added 2024/01/16 8:46 a.m.362 views

Exploit for Injection in Atlassian Confluence_Data_Center

CVE-2023-22527 Confluence RCE CVE-2023-22527 - RCE Remote Co...

10CVSS10AI score0.99984EPSS
Exploits32
Positive Technologies
Positive Technologies
added 2024/01/10 12:0 a.m.4 views

PT-2024-1196 · Ibm · Ibm Security Verify Access Appliance +1

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access Appliance versions 10.0.0.0 through 10.0.6.1 IBM Security Verify Access Docker version 10.0.6.1 Description: The issue is caused by the lack of encryption of protected data in the IBM Security Verify Access Docker...

6.2CVSS8.9AI score0.00148EPSS
Exploits1References7
Gitee
Gitee
added 2023/04/07 4:5 p.m.6 views

Exploit for Incorrect Authorization in Vmware Spring_Security

CVE-2022-22978 POC environment CVE-2022-22978 Spring-Security bypass Demo 在Spring Security中使用RegexRequestMatcher且规则中包含带点号的正则表达式时,攻击者可以通过构造恶意数据包绕过身份认证 影响范围 Spring Security 5.5.x http://localhost:8080/admin/index%0a Docker docker pull s0cke3t/cve-2022-22978:latest...

9.8CVSS7.5AI score0.10037EPSS
Exploits6
NVD
NVD
added 2022/02/28 9:15 p.m.25 views

CVE-2021-45414

A Remote Code Execution RCE vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver...

9.8CVSS0.03278EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/02/28 9:15 p.m.3 views

CVE-2021-45414

A Remote Code Execution RCE vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver...

9.8CVSS6AI score0.03278EPSS
Exploits2References2
Prion
Prion
added 2022/02/28 9:15 p.m.17 views

Remote code execution

A Remote Code Execution RCE vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver...

7.5CVSS9.6AI score0.03278EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/02/28 8:14 p.m.30 views

CVE-2021-45414

A Remote Code Execution RCE vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver...

9.9AI score0.03278EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2022/01/27 2:31 a.m.426 views

Exploit for Off-by-one Error in Sudo_Project Sudo

CVE-2021-3156 toc Vulnerability profile Vulnerabilit...

7.8CVSS7.2AI score0.99295EPSS
Exploits81
GithubExploit
GithubExploit
added 2022/01/26 10:58 a.m.699 views

Exploit for Out-of-bounds Write in Polkit_Project Polkit

CVE-2021-4034 PolKit Local Lift Analysis toc Vulnerabil...

7.8CVSS7.2AI score0.94921EPSS
Exploits152
Rows per page
Query Builder