7 matches found
EUVD-2022-27443
Malicious code in bioql PyPI...
PT-2025-23658 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.10 DataEase version 2.10.6 through 2.10.9 Description: The issue allows authenticated users to read and deserialize arbitrary files through the background JDBC connection due to a bypass of a previous patch...
PT-2025-13476 · Vite · Vite
Name of the Vulnerable Software and Affected Versions: Vite affected versions not specified Description: The issue is related to the transformMiddleware function of the @fs mechanism in Vite's local development server, which incorrectly handles special characters in input data. This can be...
path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability
Summary This is a POC for a path-sanitizer npm package. The filters can be bypassed and can result in path traversal. Payload: ..=%5c can be used to bypass this on CLI along with other candidates. Something similar would likely work on web apps as well. PoC Here's the code to test for the filter...
PT-2024-03: Vulnerability of reading internal application files in OpenKeychain
The vulnerability was identified in OpeKeychain v.5.8.2 58902. It allows a potential attacker to read any files available to an application including from the application sandbox and save files to external storage. The vulnerability is caused by insufficient filtering of input parameters...
CVE-2002-1442
The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location...
CVE-2001-0246
Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the "Frame Domain...