Lucene search
+L

317 matches found

euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2009-2992

Malware in sbrugna...

4.3CVSS6.1AI score0.00642EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-48113

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00634EPSS
Exploits1References2
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-2918

Malicious code in bioql PyPI...

9.1CVSS8.8AI score0.01602EPSS
Exploits1References4
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-52824

Malicious code in bioql PyPI...

5.5CVSS5.7AI score0.0076EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-31869

Malicious code in bioql PyPI...

8.8CVSS9AI score0.00619EPSS
Exploits0References2
cnvd
cnvd
added 2025/08/18 12:0 a.m.4 views

Bottinelli Informatical Vedo Suite Server-Side Request Forgery Vulnerability

Bottinelli Informatical Vedo Suite is an enterprise software suite for the textile and design industry from Bottinelli Informatica, Italy. Bottinelli Informatical Vedo Suite suffers from a server-side request forgery vulnerability, which originates from the /apivedo/video/preview endpoint that do...

6.5CVSS7.3AI score0.0047EPSS
Exploits2References1
nessus
nessus
added 2025/08/15 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-28161

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If temporary one-time permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that...

8.8CVSS8.2AI score0.00619EPSS
Exploits0References2
nvd
nvd
added 2025/08/06 9:15 p.m.36 views

CVE-2025-51058

Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery SSRF in the /apivedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter...

6.5CVSS0.0047EPSS
Exploits2References1
osv
osv
added 2025/08/06 9:15 p.m.3 views

CVE-2025-51058

Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery SSRF in the /apivedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter...

6.5CVSS6AI score0.0047EPSS
Exploits2References2
cvelist
cvelist
added 2025/08/06 12:0 a.m.32 views

CVE-2025-51058

Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery SSRF in the /apivedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter...

0.0047EPSS
Exploits2References1
redhatcve
redhatcve
added 2025/05/23 6:2 a.m.7 views

CVE-2023-28161

If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, suc...

8.8CVSS8.4AI score0.00619EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 2:30 a.m.5 views

CVE-2023-3121

A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclose...

4.6CVSS6.5AI score0.00461EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 12:16 a.m.7 views

CVE-2022-45213

perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL...

5.3CVSS7AI score0.00634EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 5:11 p.m.9 views

CVE-2020-8776

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 rb65251d6-b368 has XSS via the URL property of a file...

5.4CVSS5.8AI score0.02676EPSS
Exploits5References1
redhatcve
redhatcve
added 2025/05/22 9:54 a.m.8 views

CVE-2011-1503

The XSL Content portlet in Liferay Portal Community Edition CE 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary 1 XSL and 2 XML files via a file:/// URL...

3.5CVSS6.4AI score0.01397EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 5:39 a.m.10 views

CVE-2012-4903

Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906...

5CVSS5.8AI score0.03103EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 3:54 a.m.6 views

CVE-2012-3697

WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise...

7.1CVSS6.7AI score0.01829EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 2:59 a.m.12 views

CVE-2012-4906

Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903...

5CVSS6.2AI score0.03103EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/04/25 6:36 p.m.20 views

CVE-2025-3529

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'fileurl' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital...

8.2CVSS6.5AI score0.00359EPSS
Exploits0References1
cvelist
cvelist
added 2025/04/23 7:6 a.m.23 views

CVE-2025-3529 WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Information Exposure via file_url Parameter

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'fileurl' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital...

8.2CVSS0.00359EPSS
Exploits0References5
Rows per page
Query Builder