45 matches found
CVE-2025-27519
Cognita is a RAG Retrieval Augmented Generation Framework for building modular, open source applications for production by TrueFoundry. A path traversal issue exists at /v1/internal/upload-to-local-directory which is enabled when the Local env variable is set to true, such as when Cognita is setu...
CVE-2025-27519
Cognita is a RAG Retrieval Augmented Generation Framework for building modular, open source applications for production by TrueFoundry. A path traversal issue exists at /v1/internal/upload-to-local-directory which is enabled when the Local env variable is set to true, such as when Cognita is setu...
CVE-2025-27519 Cognita Arbitrary File Write
Cognita is a RAG Retrieval Augmented Generation Framework for building modular, open source applications for production by TrueFoundry. A path traversal issue exists at /v1/internal/upload-to-local-directory which is enabled when the Local env variable is set to true, such as when Cognita is setu...
CVE-2025-27519
CVE-2025-27519 concerns Cognita, a TrueFoundry RAG framework. A path traversal flaw exists in the Docker/deployed setup when LocalEnv is true, exploitable via /v1/internal/upload-to-local-directory. An attacker can overwrite /app/backend/init .py, and due to uvicorn with auto-reload in the contai...
The vulnerability of the application access protection software in Docker environments. IBM Security Verify Access Docker, a access management system from IBM Security Verify Access, has a flaw related to the lack of necessary verification during password changes. This allows attackers to alter user passwords.
The vulnerability of the Docker-based application access control software, IBM Security Verify Access, lies in the lack of necessary authentication during password changes. Exploiting this vulnerability allows an attacker to remotely change a user’s password...
GHSA-43C9-GW4X-PCX6 Authenticated arbitrary file deletion in YesWiki
Authenticated arbitrary file deletion in YesWiki fmRestore; $this-fmShowtrue, $isAction; break; case 'erase': $this-fmErase; $this-fmShowtrue, $isAction; break; case 'del': $this-fmDelete; $this-fmShowfalse, $isAction; break; case 'trash': $this-fmShowtrue, $isAction; break; case 'emptytrash':...
Authenticated arbitrary file deletion in YesWiki
Authenticated arbitrary file deletion in YesWiki fmRestore; $this-fmShowtrue, $isAction; break; case 'erase': $this-fmErase; $this-fmShowtrue, $isAction; break; case 'del': $this-fmDelete; $this-fmShowfalse, $isAction; break; case 'trash': $this-fmShowtrue, $isAction; break; case 'emptytrash':...
Exploit for Generation of Error Message Containing Sensitive Information in Apache Tomcat
PoC exploit for CVE-2024-21733, a vulnerability in Apache Tomcat...
Exploit for Infinite Loop in Nlnetlabs Unbound
This is a PoC exploit for CVE-2024-1931. The target product/serv...
The vulnerability of the software protection mechanism for accessing applications in Docker environments. IBM Security Verify Access Docker, a access control system from IBM Security Verify Access, is vulnerable due to the lack of encryption measures for protected data. This allows attackers to disclose the protected information.
The vulnerability of the IBM Security Verify Access application for Docker environments stems from the lack of encryption measures for protected data. Exploiting this vulnerability can allow attackers to disclose protected information...
The vulnerability of the software protection mechanism for accessing applications in Docker environments. IBM Security Verify Access Docker, a access control system from IBM Security Verify Access, has a flaw related to incorrect URL definition before file access. This allows attackers to elevate their privileges to the root level.
The vulnerability of the Docker-based application access control software, IBM Security Verify Access, stems from an incorrect definition of the link before accessing a file. Exploiting this vulnerability could allow attackers to elevate their privileges to the root level...
Exploit for Injection in Atlassian Confluence_Data_Center
CVE-2023-22527 Confluence RCE CVE-2023-22527 - RCE Remote Co...
PT-2024-1196 · Ibm · Ibm Security Verify Access Appliance +1
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access Appliance versions 10.0.0.0 through 10.0.6.1 IBM Security Verify Access Docker version 10.0.6.1 Description: The issue is caused by the lack of encryption of protected data in the IBM Security Verify Access Docker...
Exploit for Incorrect Authorization in Vmware Spring_Security
CVE-2022-22978 POC environment CVE-2022-22978 Spring-Security bypass Demo 在Spring Security中使用RegexRequestMatcher且规则中包含带点号的正则表达式时,攻击者可以通过构造恶意数据包绕过身份认证 影响范围 Spring Security 5.5.x http://localhost:8080/admin/index%0a Docker docker pull s0cke3t/cve-2022-22978:latest...
CVE-2021-45414
A Remote Code Execution RCE vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver...
CVE-2021-45414
A Remote Code Execution RCE vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver...
Remote code execution
A Remote Code Execution RCE vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver...
CVE-2021-45414
A Remote Code Execution RCE vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver...
Exploit for Off-by-one Error in Sudo_Project Sudo
CVE-2021-3156 toc Vulnerability profile Vulnerabilit...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
CVE-2021-4034 PolKit Local Lift Analysis toc Vulnerabil...