1231 matches found
CVE-2024-45436
CVE-2024-45436 affects Ollama prior to 0.1.47, where extractFromZipFile in model.go can write ZIP entries outside the parent directory (Zip Slip/path traversal). The connected exploit document confirms a practical path traversal vector in Ollama and notes exploitation could lead to arbitrary file...
Improper File Path Handling
unzip-stream is vulnerable to Improper File Path Handling. The vulnerability is due to the Extract method allowing malicious zip files to write to unauthorized paths...
PT-2024-40128 · Unknown · Unzip-Stream
Name of the Vulnerable Software and Affected Versions: unzip-stream versions prior to 0.3.2. Description: The issue allows malicious zip files to write to unauthorized paths when using the Extract method of unzip-stream. A researcher from Google, Justin Taft, discovered this issue. Recommendations...
CVE-2024-8088
There is a HIGH severity vulnerability in the CPython "zipfile" module, affecting "zipfile.Path". Note that the more common API, the "zipfile.ZipFile" class, is unaffected. When iterating over names of entries in a zip archive, for example, methods of "zipfile.Path" like "namelist", "iterdir", etc...
MAL-2024-12316 Malicious code in oe-extract-ids (PyPI)
Source: kam193 bebbe22a538c4b7b6688bd82facdd749052e801663cf523c8d9c1eb11f81ea57. Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
Malicious code in oe-extract-ids (PyPI)
Source: kam193 bebbe22a538c4b7b6688bd82facdd749052e801663cf523c8d9c1eb11f81ea57. Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
CVE-2024-41122 Custom environment variables allow to alter execution flow of plugins in Woodpecker
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allows any user who can trigger a pipeline run to create malicious workflows: 1. Those workflows can either lead to a takeover of the host that runs the agent executing the workflow. 2. Or allow to extract the secrets w...
Path Traversal
@jmondi/url-to-png is vulnerable to Path Traversal. The vulnerability is due to the lack of proper sanitization or validation of the ImageId input within extractqueryparams.ts, which allows an attacker to store an image in an arbitrary location that the server has permission to access...
DEBIAN-CVE-2024-28820
Buffer overflow in the extractopenvpncr function in openvpn-cr.c in openvpn-auth-ldap aka the Three Rings Auth-LDAP plugin for OpenVPN 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this...
Malicious code in Be.Vlaandеren.Basisregisters.PostalRegistry.Apі.Extract (NuGet)
Malicious code in Be.Vlaaոderen.Basisregisters.BuildingRеgistry.Apі.Eхtract (NuGet)
MAL-2024-4214 Malicious code in Be.Vlaaոderen.Basisregisters.BuildingRеgistry.Apі.Eхtract (NuGet)
Malicious code in Be.Vlaaոderen.Basisregisters.BuildingRеgistry.Api.Extract (NuGet)
MAL-2024-4213 Malicious code in Be.Vlaaոderen.Basisregisters.BuildingRеgistry.Api.Extract (NuGet)
MAL-2024-4215 Malicious code in Be.Vlaaոderen.Basisregisters.BuildiոgRegistry.Api.Extract.Abstractions (NuGet)
Malicious code in Be.Vlaaոderen.Basisregisters.BuildiոgRegistry.Api.Extract.Abstractions (NuGet)
Malicious code in Be.Vlaaոderen.Basisregisters.BuilԁiոgRegіstry.Api.Extract.Abstractions (NuGet)
MAL-2024-4216 Malicious code in Be.Vlaaոderen.Basisregisters.BuilԁiոgRegіstry.Api.Extract.Abstractions (NuGet)
Malicious code in Be.Vlaaոderen.Basisrеgisters.ParcelRegistry.Aрi.Extraсt (NuGet)