30 matches found

AstraLinux
added 2026/06/19 11:10 a.m. · 3 views

Astra Linux – Vulnerability in Firefox

When following a redirect to a publicly accessible web extension file, the URL may have been translated into the actual local path, potentially exposing sensitive information. This vulnerability affects Firefox versions earlier than 111...

CVSS 6.5 · AI score 6.7 · EPSS 0.00508
Exploits: 0 · References: 2
ATTACKERKB
added 2026/05/11 4:46 p.m. · 7 views

CVE-2026-45004

OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd during provider setup metadata resolution. Attackers can execute arbitrary JavaScript under the current user account by placing a malicious...

CVSS 8.4 · AI score 6.4 · EPSS 0.00144
Exploits: 0 · References: 4
CVE
added 2026/03/04 12:13 p.m. · 14 views

CVE-2026-24732

CVE-2026-24732 affects Hallo Welt! GmbH BlueSpice Extension:NSFileRepo, with vulnerable versions 5.1–5.1.5 and 5.2–5.2.0. The issue is improper permission checks in the extension, allowing access to functionality not properly constrained by ACLs and bypassing electronic locks and access controls....

CVSS 8.7 · AI score 5.9 · EPSS 0.00265
Exploits: 0 · References: 1
Vulnrichment
added 2026/03/04 12:13 p.m. · 5 views

CVE-2026-24732 Improper permission checks in Extension:NSFileRepo

Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice Extension:NSFileRepo modules allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and Access Controls. This...

CVSS 8.7 · AI score 5.9 · EPSS 0.00265
Exploits: 0 · References: 1
Positive Technologies
added 2026/03/04 12:00 a.m. · 9 views

PT-2026-22907

Name of the Vulnerable Software and Affected Versions: Hallo Welt! GmbH BlueSpice versions 5.1 through 5.1.5; Hallo Welt! GmbH BlueSpice versions 5.2 through 5.2.0. Description: An issue exists in the Extension:NSFileRepo modules of BlueSpice that allows access to functionality not properly constrain...

CVSS 8.7 · AI score 5.9 · EPSS 0.00265
Exploits: 0 · References: 2
CNNVD
added 2025/10/28 12:00 a.m. · 3 views

FRRouting Security Vulnerability

FRRouting is an open source network routing software suite that runs on Unix-like platforms. FRRouting suffers from a denial of service vulnerability caused by a NULL pointer dereference via the showvtyextprefprefsid function in ospfext.c. An attacker could exploit this vulnerability to...

CVSS 7.5 · AI score 5.8 · EPSS 0.00582
Exploits: 1 · References: 4
EUVD
added 2025/10/27 7:42 p.m. · 4 views

EUVD-2025-36364

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return Line Feed (CRLF) injection. When a request is made to a file ending with the .lp extension, t...

CVSS 8.2 · AI score 6.8 · EPSS 0.00398
Exploits: 1 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 18 views

EUVD-2018-0478

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.02518
Exploits: 0 · References: 7
EUVD
added 2025/10/03 8:07 p.m. · 6 views

EUVD-2025-23622

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.6 · EPSS 0.00385
Exploits: 0 · References: 2
CNVD
added 2025/08/28 12:00 a.m. · 0 views

Delta Electronics COMMGR Command Injection Vulnerability

Delta Electronics COMMGR is communication management software from Delta Electronics China. Delta Electronics COMMGR suffers from a command injection vulnerability due to improper boundary checking when creating specially designed .isp files. No details of the vulnerability are available at thi...

CVSS 8.6 · AI score 7.6 · EPSS 0.00376
Exploits: 0 · References: 1
NVD
added 2025/08/05 3:15 p.m. · 6 views

CVE-2025-29745

A vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a specially created A2S Emsisoft Custom Scan extension file...

CVSS 7.5 · EPSS 0.00385
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/23 3:35 a.m. · 8 views

CVE-2023-28160

When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox 111...

CVSS 6.5 · AI score 6 · EPSS 0.00508
Exploits: 0 · References: 1
Cvelist
added 2025/03/05 3:48 a.m. · 31 views

CVE-2025-1915

Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. Chromium security severity: Mediu...

EPSS 0.00415
Exploits: 0 · References: 2
Positive Technologies
added 2023/10/24 12:00 a.m. · 4 views

PT-2023-29852 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 5.5.6 Parse Server versions prior to 6.3.1 Description: Parse Server crashes when uploading a file without extension. This issue has been patched in versions 5.5.6 and 6.3.1. Recommendations: For versions prior ...

CVSS 7.5 · AI score 7.3 · EPSS 0.01053
Exploits: 0 · References: 12
CNNVD
added 2023/03/15 12:00 a.m. · 6 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox version 111, which originates from a redirection to a Web extension file that could lead to the disclosure of a local path...

CVSS 6.5 · AI score 7.8 · EPSS 0.00508
Exploits: 0 · References: 5
OSV
added 2023/03/15 12:00 a.m. · 2 views

UBUNTU-CVE-2023-28160

When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox 111...

CVSS 6.5 · AI score 7.3 · EPSS 0.00508
Exploits: 0 · References: 4
SUSE CVE
added 2023/02/15 5:57 a.m. · 4 views

SUSE CVE-2010-3450

Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files...

CVSS 9.3 · AI score 7.3 · EPSS 0.10731
Exploits: 0 · References: 5
BDU FSTEC
added 2022/04/21 12:00 a.m. · 7 views

The vulnerability of the exif_process_user_comment function (ext/exif/exif.c) in the PHP programming language allows a hacker to cause a service failure.

The vulnerability of the exif_process_user_comment function (ext/exif/exif.c) in the PHP programming language is related to pointer arithmetic errors. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

CVSS 7.1 · AI score 7.2 · EPSS 0.03907
Exploits: 1 · References: 13 · Affected Software: 3
Huntr
added 2022/04/15 4:51 a.m. · 13 views

Unrestricted Image Upload

Description: When testing the file upload function in Organizr 2.1.1830, there are improvements to the image upload features in Image Manager, but a user can bypass them by using the double extension file type method. Proof of Concept: 1. Login and go to Settings - Image Manager 2. Upload file with double extension...

AI score 1.3
Exploits: 0
VulnCheck KEV
added 2021/04/12 12:00 a.m. · 4 views

VulnCheck KEV: CVE-2020-13671

Improper sanitization in the extension file names is present in Drupal core...

CVSS 8.8 · AI score 7.3 · EPSS 0.04269
Exploits: 0 · References: 1