Lucene search
+L

374 matches found

GithubExploit
GithubExploit
added 2025/05/14 5:35 p.m.383 views

Exploit for CVE-2024-37010

CVE-2024-37010 Exploit for the CVE-2024-37010: access other u...

7.4AI score
Exploits1
RedhatCVE
RedhatCVE
added 2025/04/05 6:38 a.m.38 views

CVE-2025-30485

UNIX symbolic link Symlink following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files...

6.2CVSS6.9AI score0.00305EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/03/31 7:59 a.m.5 views

Improper symbolic link file handling in FutureNet NXR series, VXR series and WXR series routers

Overview FutureNet NXR series, VXR series and WXR series routers provided by Century Systems Co., Ltd. fail to properly handle symbolic link files CWE-61. Century Systems Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact Attaching to the affect...

6.2CVSS6.6AI score0.00305EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/03/28 12:0 a.m.37 views

PT-2025-13560 · Futurenet · Futurenet Nxr Series

Name of the Vulnerable Software and Affected Versions: FutureNet NXR series, VXR series and WXR series routers affected versions not specified Description: The issue exists due to improper handling of symbolic link files. An attacker can exploit this by attaching an external storage containing...

6.2CVSS6.3AI score0.00305EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2022-40284

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if t...

7.8CVSS6.9AI score0.00347EPSS
Exploits0References2
NCSC
NCSC
added 2025/03/04 10:15 a.m.19 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed several vulnerabilities in Android and Samsung Mobile, including two zero-day vulnerabilities that were actively exploited in targeted attacks. The vulnerabilities are in the Android kernel and the ExternalStorageProvider.java, which can lead to local privilege escalation and...

9.8CVSS8AI score0.00809EPSS
Exploits1References2
OSV
OSV
added 2025/02/06 1:15 p.m.3 views

CVE-2024-57960

Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality...

7.5CVSS5.8AI score0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/06 12:0 a.m.4 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from the Chinese company Huawei Huawei. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS that stems from an input validation class vulnerability in the ExternalStorageProvid...

7.7CVSS6.7AI score0.00198EPSS
Exploits0References1
NVD
NVD
added 2025/01/28 4:15 p.m.42 views

CVE-2025-23212

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files on the server. This vulnerability is fixed in 1.5.28...

7.7CVSS0.00502EPSS
Exploits1References2
CVE
CVE
added 2025/01/28 3:29 p.m.60 views

CVE-2025-23212

CVE-2025-23212 affects Tandoor Recipes. The vulnerability stems from the external storage feature, which allows any user to enumerate the names and contents of files on the server, yielding a local file disclosure. The issue is fixed in version 1.5.28 . Multiple connected sources corroborate this...

7.7CVSS7.5AI score0.00502EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/01/28 3:29 p.m.17 views

CVE-2025-23212 Tandoor Recipes - Local file disclosure - Users can read the content of any file on the server

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files on the server. This vulnerability is fixed in 1.5.28...

7.7CVSS6.7AI score0.00502EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/01/28 12:0 a.m.4 views

PT-2025-4851 · Unknown · Tandoor Recipes

Name of the Vulnerable Software and Affected Versions: Tandoor Recipes versions prior to 1.5.28 Description: Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files...

7.7CVSS7.2AI score0.00502EPSS
Exploits1References8
CNNVD
CNNVD
added 2025/01/28 12:0 a.m.4 views

Tandoor Recipes 安全漏洞

Tandoor Recipes is a Tandoor Recipes open source application for managing recipes, planning meals, creating shopping lists, and more. A security vulnerability exists in Tandoor Recipes versions prior to 1.5.28, which stems from an external storage feature that allows any user to enumerate the nam...

7.7CVSS6.5AI score0.00502EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/11/15 4:46 p.m.24 views

CVE-2024-52518 Nextcloud Server is missing password confirmation when changing external storage options

Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded...

4.4CVSS7AI score0.00529EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/11/15 4:46 p.m.44 views

CVE-2024-52518 Nextcloud Server is missing password confirmation when changing external storage options

Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded...

4.4CVSS0.00529EPSS
Exploits0References5
CVE
CVE
added 2024/11/15 4:46 p.m.98 views

CVE-2024-52518

CVE-2024-52518 (Nextcloud Server) : A session takeover allows an attacker who gains access to a user or admin session to create, modify, or delete external storages without re-entering a password. Descriptions across multiple sources (NVD, Red Hat, GitHub advisories) confirm the issue affects Nex...

5.4CVSS4.5AI score0.00529EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/11/15 4:46 p.m.17 views

CVE-2024-52518 Nextcloud Server is missing password confirmation when changing external storage options

Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded...

4.4CVSS6.3AI score0.00529EPSS
Exploits0References7
CVE
CVE
added 2024/11/15 4:35 p.m.98 views

CVE-2024-52523

CVE-2024-52523 affects Nextcloud Server. When a user or administrator defines external storage with fixed credentials, the API returns those credentials and re-inserts them into the frontend, allowing an attacker with an active user session to read them in plain text. The vulnerability enables in...

6.5CVSS4.5AI score0.0063EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/11/15 4:35 p.m.30 views

CVE-2024-52523 Nextcloud Server Custom defined credentials of external storages are sent back to the frontend

Nextcloud Server is a self hosted personal cloud system. After setting up a user or administrator defined external storage with fixed credentials, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active sessi...

4.6CVSS0.0063EPSS
Exploits0References3
Nextcloud
Nextcloud
added 2024/11/15 1:8 p.m.56 views

Custom defined credentials of external storages are sent back to the frontend

None...

6.5CVSS5.1AI score0.0063EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder