
35 matches found

EUVD
added 2026/05/27 2:42 p.m. | 11 views

EUVD-2026-32534

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...

CVSS 5 | AI score 5.9 | EPSS 0.00113
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/30 12:0 a.m. | 6 views

PT-2026-36131

Name of the Vulnerable Software and Affected Versions JeeSite version 5.15.1 Description An issue in the '/a/file/upload' endpoint allows authenticated attackers with file upload permissions to perform path traversal and write arbitrary files with whitelisted suffixes to any location on the...

CVSS 9.6 | AI score 5.9 | EPSS 0.00383
Exploits: 0 | References: 10
CNNVD
added 2026/04/27 12:0 a.m. | 11 views

itsourcecode Construction Management System injection vulnerability

itsourcecode Construction Management System is an open-source construction management system developed by itsourcecode. Version 1.0 of the itsourcecode Construction Management System has a SQL injection vulnerability, which stems from the handling of the parameter “address” in the...

CVSS 7.5 | AI score 7.2 | EPSS 0.00254
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/26 12:0 a.m. | 11 views

PT-2026-22221

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.2.0 Description Kiteworks, a private data network, contains a flaw in its command execution functionality. Authenticated users can redirect command output to arbitrary file locations, potentially overwriting...

CVSS 8.8 | AI score 6.2 | EPSS 0.01951
Exploits: 0 | References: 8
RedhatCVE
added 2026/01/09 11:23 a.m. | 7 views

CVE-2021-31314

File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server...

CVSS 9.8 | AI score 7.2 | EPSS 0.0074
Exploits: 1 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-1501

Malware in sbrugna...

CVSS 5.3 | AI score 5.7 | EPSS 0.01758
Exploits: 0 | References: 5
Github Security Blog
added 2025/03/20 12:32 p.m. | 10 views

DB-GPT Absolute Path Traversal vulnerability

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the file_key and doc_file.filename parameters are...

CVSS 9.1 | AI score 7.2 | EPSS 0.00769
Exploits: 1 | References: 3 | Affected Software: 1
NVD
added 2025/03/20 10:15 a.m. | 6 views

CVE-2024-10831

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the file_key and doc_file.filename parameters are...

CVSS 9.1 | EPSS 0.00769
Exploits: 1 | References: 1
OSV
added 2025/02/26 7:1 a.m. | 1 views

UBUNTU-CVE-2022-49418

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix free of uninitialized nfs4_label on referral lookup. Send along the already-allocated fattr along with nfs4_fs_locations, and drop the memcpy of fattr. We end up growing two more allocations, but this fixes up a crash as:...

CVSS 5.5 | AI score 5.7 | EPSS 0.00215
Exploits: 0 | References: 6
Cvelist
added 2025/02/14 4:18 p.m. | 28 views

CVE-2024-3220 Default mimetype known files writeable on Windows

There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the...

CVSS 2.3 | EPSS 0.00478
Exploits: 0 | References: 1
Debian CVE
added 2025/02/14 4:18 p.m. | 9 views

CVE-2024-3220

There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the...

CVSS 2.3 | AI score 5 | EPSS 0.00478
Exploits: 0
CVE
added 2025/02/14 4:18 p.m. | 75 views

CVE-2024-3220

CVE-2024-3220 affects the CPython standard library mimetypes module. On Windows, the default known-file locations (and on other platforms via the same locations) are writable, allowing a user to create invalid files and potentially trigger MemoryError at Python startup or cause mis-interpretation...

CVSS 2.3 | AI score 6.8 | EPSS 0.00478
Exploits: 0 | References: 3
ATTACKERKB
added 2023/12/12 7:15 a.m. | 4 views

CVE-2023-41118

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. Wh...

CVSS 8.8 | AI score 5.7 | EPSS 0.00772
Exploits: 0 | References: 2
Vulnrichment
added 2023/12/12 12:0 a.m. | 10 views

CVE-2023-41118

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. Wh...

AI score 7 | EPSS 0.00772
Exploits: 0 | References: 1
OSV
added 2023/10/04 4:15 a.m. | 5 views

CVE-2023-5369

Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability. This incorrect...

CVSS 7.1 | AI score 5.9 | EPSS 0.00185
Exploits: 0 | References: 2
ATTACKERKB
added 2023/08/14 7:15 p.m. | 5 views

CVE-2023-28483

An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...

CVSS 8.8 | AI score 5.9 | EPSS 0.00741
Exploits: 1 | References: 2
CNNVD
added 2022/07/18 12:0 a.m. | 5 views

Parallels Access code issue vulnerability

Parallels Access is a parallel access application from Parallels USA, enabling the fastest, easiest, and most reliable remote access to your computer from anywhere. A code issue vulnerability exists in Parallels Access Agent version 6.5.4 (39316) that stems from This vulnerability allows a local...

CVSS 7.8 | AI score 7.9 | EPSS 0.00322
Exploits: 0 | References: 3
CNNVD
added 2022/02/16 12:0 a.m. | 5 views

JqueryForm.com Jquery Form Builder security vulnerability

JqueryForm.com Jquery Form Builder is a form builder from JqueryForm.com, Inc. The JqueryForm.com Jquery Form Builder suffers from a path traversal vulnerability that stems from a unique ID field being included in the POST response when submitting a form. Forms generated by JQueryForm.com before...

CVSS 9.8 | AI score 8.3 | EPSS 0.02606
Exploits: 0 | References: 4
CNNVD
added 2021/11/19 12:0 a.m. | 4 views

BeyondTrust Privilege Management security vulnerability

BeyondTrust Privilege Management is the BeyondTrust Privilege Management tool for Windows and Mac SaaS from BeyondTrust USA. A security vulnerability exists in BeyondTrust Privilege Management that stems from the fact that BeyondTrust Privilege Management prior to version 21.6 creates temporary...

CVSS 7.8 | AI score 7.3 | EPSS 0.00288
Exploits: 0 | References: 3
NVD
added 2021/05/12 9:15 a.m. | 19 views

CVE-2021-23892

By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrar...

CVSS 8.2 | EPSS 0.00197
Exploits: 0 | References: 1