CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25 matches found

Snyk•added 2026/03/12 2:18 a.m.•2 views

Malicious Package

Overview pcl-build-docroot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

Exploits0References2

OSSF Malicious Packages•added 2026/03/12 2:18 a.m.•2 views

Malicious code in pcl-build-docroot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec644efff0c2f83a615a174be4d854af6d4411fec2fd2246ce43b6118f6065fd The package pcl-build-docroot was found to contain malicious code. Source: ghsa-malware...

5.7AI score

Exploits0References1

OSV•added 2026/03/12 2:18 a.m.•0 views

MAL-2026-1361 Malicious code in pcl-build-docroot (npm)

5.7AI score

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2019-0195

Malware in sbrugna...

6.5CVSS6.7AI score0.00402EPSS

Exploits0References12

SUSE CVE•added 2023/02/15 4:29 a.m.•1 views

SUSE CVE-2018-7490

uWSGI before 2.0.17 mishandles a DOCUMENTROOT check during use of the --php-docroot option, allowing directory traversal...

7.5CVSS7.7AI score0.93194EPSS

Exploits5References3

RedHat Linux•added 2019/06/18 7:52 p.m.•0 views

thrift: Improper Access Control grants access to files outside the webservers docroot path

A flaw was found in the Node.js static web server in Apache Thrift, where it allowed a remote user to access files outside of the set web servers' docroot path. An attacker could use this flaw to possibly access unauthorized files and sensitive information...

6.5CVSS7.4AI score0.00402EPSS

Exploits0References4

OSV•added 2019/01/17 1:56 p.m.•34 views

GHSA-VX85-MJ8C-4QM6 Apache Thrift Node.js static web server sandbox escape

The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path...

6.5CVSS6.6AI score0.00402EPSS

Exploits0References10

Veracode•added 2019/01/08 5:57 a.m.•28 views

Directory Traversal

apache thrift is vulnerable to directory traversal attack. The attack is possible via the set webservers docroot path which was not handled properly...

6.5CVSS6.6AI score0.00402EPSS

Exploits0References6Affected Software3

Debian CVE•added 2019/01/07 6:0 p.m.•27 views

CVE-2018-11798

6.5CVSS6.8AI score0.00402EPSS

Exploits0

UbuntuCve•added 2019/01/07 5:29 p.m.•25 views

CVE-2018-11798

6.5CVSS6.7AI score0.00402EPSS

Exploits0References4

Veracode•added 2018/02/27 5:51 a.m.•22 views

Directory Traversal

uWSGI is vulnerable to directory traversal attacks. The library does not properly check for the document root when the --php-docroot option is used, allowing a malicious user to traverse the directory...

7.5CVSS7.5AI score0.93194EPSS

Exploits5References3Affected Software1

Prion•added 2018/02/26 10:29 p.m.•15 views

Directory traversal

uWSGI before 2.0.17 mishandles a DOCUMENTROOT check during use of the --php-docroot option, allowing directory traversal...

5CVSS7.5AI score0.93194EPSS

Exploits5References3Affected Software2

UbuntuCve•added 2018/02/26 10:29 p.m.•20 views

CVE-2018-7490

uWSGI before 2.0.17 mishandles a DOCUMENTROOT check during use of the --php-docroot option, allowing directory traversal...

7.5CVSS7.1AI score0.93194EPSS

Exploits5References3

PyPA•added 2018/02/26 10:29 p.m.•4 views

PYSEC-2018-78

uWSGI before 2.0.17 mishandles a DOCUMENTROOT check during use of the --php-docroot option, allowing directory traversal...

7.5CVSS6.9AI score0.93194EPSS

Exploits5References3Affected Software1

OSV•added 2018/02/26 10:29 p.m.•1 views

UBUNTU-CVE-2018-7490

uWSGI before 2.0.17 mishandles a DOCUMENTROOT check during use of the --php-docroot option, allowing directory traversal...

7.5CVSS7.1AI score0.93194EPSS

Exploits5References4

OSV•added 2018/02/26 10:29 p.m.•1 views

ALPINE-CVE-2018-7490

uWSGI before 2.0.17 mishandles a DOCUMENTROOT check during use of the --php-docroot option, allowing directory traversal...

7.5CVSS6.9AI score0.93194EPSS

Exploits5References1

Debian CVE•added 2018/02/26 10:0 p.m.•22 views

CVE-2018-7490

uWSGI before 2.0.17 mishandles a DOCUMENTROOT check during use of the --php-docroot option, allowing directory traversal...

7.5CVSS7.6AI score0.93194EPSS

Exploits5

Positive Technologies•added 2018/02/26 12:0 a.m.•3 views

PT-2018-18100 · Uwsgi +1 · Uwsgi +1

Name of the Vulnerable Software and Affected Versions: uWSGI versions prior to 2.0.17 Description: The issue arises from the mishandling of a DOCUMENT ROOT check during the use of the --php-docroot option, allowing directory traversal. Recommendations: For versions prior to 2.0.17, update to...

9.8CVSS8.4AI score0.93194EPSS

Exploits5References24

0day.today•added 2014/02/23 12:0 a.m.•43 views

CMSMadeSimple 1.11.10 Cross Site Scripting Vulnerability

CMSMadeSimple version 1.11.10 suffers from fourteen cross site scripting vulnerabilities. ============================================================== Title ...| CMSMadeSimple Multiple vulnerabilities Version .| cmsmadesimple-1.11.10-full.tar.gz Date ....| 20.02.2014 Found ...| HauntIT Blog Hom...

6.8AI score

Exploits0

seebug.org•added 2007/08/10 12:0 a.m.•18 views

FishCart <= 3.2 RC2 (fc_example.php) Remote File Inclusion Vulnerability

No description provided by source. fishcartv3 fcexample.php Remote File Include Vulnerability +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Scripts : fishcartv3 Discovered By : k1n9k0ng Scripts site : http://fishcart.org/fcinstallersnap20070803.zip...

7.1AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by