Lucene search
+L

1223 matches found

CNNVD
CNNVD
added 2026/04/05 12:0 a.m.10 views

Ollama 代码问题漏洞

Ollama is an open-source tool developed by Ollama that allows for the running, management, and customization of large language models on local devices. Ollama versions 18.1 and earlier had a code vulnerability caused by server-side request forgery in the file server/download.go...

6.5CVSS6.6AI score0.00297EPSS
Exploits2References3
OSV
OSV
added 2026/04/03 9:58 p.m.2 views

GHSA-6QCC-6Q27-WHP8 goshs: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)

Summary deleteFile missing return after path traversal check | httpserver/handler.go:645-671 The finding affects the default configuration, no flags or authentication required. Details File: httpserver/handler.go:645-671 Trigger: GET /?delete handler.go:157-160 dispatches to deleteFile The functi...

9.8CVSS6.1AI score0.00683EPSS
Exploits1References4
OSV
OSV
added 2026/04/03 4:7 a.m.3 views

GHSA-G8MV-VP7J-QP64 goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs PUT Upload

Summary PUT upload has no path sanitization | httpserver/updown.go:20-69 This finding affects the default configuration, no flags or authentication required. Details File: httpserver/updown.go:20-69 Trigger: PUT / server.go:57-59 routes directly to put The handler uses req.URL.Path raw to build t...

9.8CVSS6.1AI score0.00683EPSS
Exploits1References3
OSV
OSV
added 2026/03/30 5:0 p.m.3 views

CVE-2026-5125 raine consult-llm-mcp server.ts child_process.execSync os command injection

A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is the function childprocess.execSync of the file src/server.ts. The manipulation of the argument gitdiff.baseref/gitdiff.files results in os command injection. The attack is only possible with local...

4.8CVSS5.7AI score0.0083EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.6 views

CVE-2026-30974

Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. A user with write-permission could upload an SVG containing embedded JavaScript, which would execute in the...

5.4CVSS6AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.6 views

CVE-2026-24283

Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally...

8.8CVSS6AI score0.00383EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/26 2:26 a.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the fixture process. An attacker can access or overwrite arbitrary files by supplying specially crafted input containing path traversal sequences. Details A Directory Traversal attack also known as path traversal...

9.3CVSS6.5AI score0.00566EPSS
Exploits0References2
NVD
NVD
added 2026/03/23 9:17 p.m.5 views

CVE-2026-23483

Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the plugin file server endpoint uses join to concatenate paths but does not verify if the final path is within the plugins directory, leading to path traversal. At time of publication, there are no publicly...

6.9CVSS0.00771EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/23 8:28 p.m.2 views

CVE-2026-23483

Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the plugin file server endpoint uses join to concatenate paths but does not verify if the final path is within the plugins directory, leading to path traversal. At time of publication, there are no publicly...

6.9CVSS5.8AI score0.00771EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/23 8:28 p.m.6 views

EUVD-2026-14535

Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the plugin file server endpoint uses join to concatenate paths but does not verify if the final path is within the plugins directory, leading to path traversal. At time of publication, there are no publicly...

6.9CVSS5.8AI score0.00771EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/23 8:28 p.m.23 views

CVE-2026-23483 Blinko: Unauthorized Arbitrary File Read - /plugins

Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the plugin file server endpoint uses join to concatenate paths but does not verify if the final path is within the plugins directory, leading to path traversal. At time of publication, there are no publicly...

6.9CVSS0.00771EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/23 8:28 p.m.2 views

CVE-2026-23483 Blinko: Unauthorized Arbitrary File Read - /plugins

Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the plugin file server endpoint uses join to concatenate paths but does not verify if the final path is within the plugins directory, leading to path traversal. At time of publication, there are no publicly...

6.9CVSS5.8AI score0.00771EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/23 8:25 p.m.4 views

CVE-2026-23482

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint does not perform permission checks on the temp/ path and does not filter path traversal sequences, allowing unauthorized attackers to read arbitrary files on the server. When scheduled backup tasks...

8.2CVSS5.8AI score0.01523EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/23 8:25 p.m.3 views

CVE-2026-23482 Blinko: Unauthorized Arbitrary File Read - /api/file/temp

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint does not perform permission checks on the temp/ path and does not filter path traversal sequences, allowing unauthorized attackers to read arbitrary files on the server. When scheduled backup tasks...

8.2CVSS5.8AI score0.01523EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.6 views

PT-2026-27205

Name of the Vulnerable Software and Affected Versions Blinko versions prior to 1.8.4 Description The file server endpoint does not validate permissions on the temp/ path and does not filter path traversal sequences, potentially allowing unauthorized access to arbitrary files on the server. If...

8.2CVSS5.4AI score0.01523EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.9 views

PT-2026-27206

Name of the Vulnerable Software and Affected Versions Blinko versions prior to 1.8.3 Description Blinko is an AI-powered card note-taking project. The plugin file server endpoint uses the join function to concatenate paths but does not verify if the final path is within the plugins directory,...

6.9CVSS5.2AI score0.00771EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.9 views

Blinko 路径遍历漏洞

Blinko is an open-source AI-based card-based note-taking app designed for users who want to quickly capture and organize fleeting ideas. Versions of Blinko 1.8.3 and earlier contained a path traversal vulnerability. This vulnerability occurred because the plugin file server endpoint used the join...

6.9CVSS5.8AI score0.00771EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/13 6:55 p.m.11 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through a discrepancy in path normalization between protocol handlers and internal routing. An attacker can bypass folder-level permissions or escape the boundaries of a configured virtual folder by crafting specific...

8.1CVSS6.3AI score0.00521EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/13 4:47 p.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the resolveURI function while performing directory validation when the configuration value livy.file.local-dir-whitelist is set to a non-default value. An attacker can gain unauthorized access to arbitrary...

9.1CVSS6.3AI score0.00597EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/12 2:22 p.m.6 views

EUVD-2026-11379

Copyparty has unexpected JavaScript execution via crafted URL to folder with .prologue.html...

3.7CVSS5.9AI score0.00162EPSS
Exploits0References2
Rows per page
Query Builder