
9 matches found

OSV
added 2024/09/25 1:15 a.m. · 4 views

CVE-2024-8941

Path traversal vulnerability in Scriptcase version 9.4.019, in /scriptcase/devel/compat/nmeditphpedit.php in the “subpage” parameter, which allows unauthenticated remote users to bypass SecurityManager's intended restrictions and list and/or read a parent directory via a “/...” or directly into a...

CVSS 5.3 · AI score 5.9 · EPSS 0.00596
Exploits 0 · References 1

Positive Technologies
added 2024/09/24 12:0 a.m. · 2 views

PT-2024-39326 · Unknown · Scriptcase

Name of the Vulnerable Software and Affected Versions: Scriptcase version 9.4.019 Description: A path traversal issue exists in Scriptcase, allowing unauthenticated remote users to bypass intended restrictions and list or read a parent directory. This is achieved via the "subpage" parameter in th...

CVSS 7.5 · AI score 6.8 · EPSS 0.00596
Exploits 0 · References 7

Positive Technologies
added 2024/02/15 12:0 a.m. · 4 views

PT-2024-1796 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier Description: The issue is related to a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerabl...

CVSS 5.5 · AI score 5.3 · EPSS 0.00442
Exploits 0 · References 8

BDU FSTEC
added 2021/10/27 12:0 a.m. · 2 views

The vulnerability of the MultiPartParser, UploadedFile, and FieldFile components of the Django web application framework lies in the lack of restrictions on file uploads. This allows attackers to gain access to confidential data.

The vulnerability of the MultiPartParser, UploadedFile, and FieldFile components of the Django web application framework lies in the lack of restrictions on file uploads. Exploiting this vulnerability could allow a malicious actor to gain access to confidential data using files with specially...

CVSS 7.5 · AI score 7.2 · EPSS 0.05291
Exploits 0 · References 11 · Affected Software 4

PyPA
added 2021/05/05 3:15 p.m. · 4 views

PYSEC-2021-7

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names...

CVSS 7.5 · AI score 7 · EPSS 0.05291
Exploits 0 · References 7 · Affected Software 1

CNNVD
added 2021/05/04 12:0 a.m. · 2 views

Django code issue vulnerability

Django is an open source web application framework from the Django Foundation, based on the Python language. The framework includes an object-oriented mapper, view system, template system, and more. A code issue vulnerability exists in Django that stems from insufficient validation of files when...

CVSS 7.5 · AI score 7.5 · EPSS 0.05291
Exploits 0 · References 23

OSV
added 2019/01/16 6:29 p.m. · 1 views

UBUNTU-CVE-2019-6460

An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function recfieldsetname in the file rec-field.c in librec.a...

CVSS 6.5 · AI score 6.9 · EPSS 0.01309
Exploits 1 · References 4

OSV
added 2019/01/16 6:29 p.m. · 3 views

DEBIAN-CVE-2019-6460

An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function recfieldsetname in the file rec-field.c in librec.a...

CVSS 6.5 · AI score 7.4 · EPSS 0.01309
Exploits 1 · References 1

securityvulns
added 2000/09/13 12:0 a.m. · 29 views

Hole in IMP

The temporary file name is stored as a hidden form field, which allows access to any file on the server...

AI score 0.4
Exploits 0 · References 1 · Affected Software 1