Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-27443

Malicious code in bioql PyPI...

5.5CVSS5.5AI score0.00225EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/03 12:0 a.m.8 views

PT-2025-23658 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.10 DataEase version 2.10.6 through 2.10.9 Description: The issue allows authenticated users to read and deserialize arbitrary files through the background JDBC connection due to a bypass of a previous patch...

8.8CVSS6.4AI score0.00439EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/03/24 12:0 a.m.4 views

PT-2025-13476 · Vite · Vite

Name of the Vulnerable Software and Affected Versions: Vite affected versions not specified Description: The issue is related to the transformMiddleware function of the @fs mechanism in Vite's local development server, which incorrectly handles special characters in input data. This can be...

7.8CVSS6.1AI score
Exploits1References10
Github Security Blog
Github Security Blog
added 2025/01/02 12:52 p.m.15 views

path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability

Summary This is a POC for a path-sanitizer npm package. The filters can be bypassed and can result in path traversal. Payload: ..=%5c can be used to bypass this on CLI along with other candidates. Something similar would likely work on web apps as well. PoC Here's the code to test for the filter...

9.3CVSS7.1AI score0.00733EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/19 12:0 a.m.4 views

PT-2024-03: Vulnerability of reading internal application files in OpenKeychain

The vulnerability was identified in OpeKeychain v.5.8.2 58902. It allows a potential attacker to read any files available to an application including from the application sandbox and save files to external storage. The vulnerability is caused by insufficient filtering of input parameters...

5.1CVSS7.1AI score
Exploits0
NVD
NVD
added 2003/04/11 4:0 a.m.14 views

CVE-2002-1442

The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location...

7.5CVSS6.7AI score0.01374EPSS
Exploits1References4
NVD
NVD
added 2001/06/27 4:0 a.m.17 views

CVE-2001-0246

Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the "Frame Domain...

5CVSS6.1AI score0.05645EPSS
Exploits0References1
Rows per page
Query Builder