
66 matches found

OSV
added 3 days ago, 3 views

GHSA-8XWF-RJM4-XVHV oras-go has file store write outside workingDir via symlink traversal

The file content store in oras-go attempts to confine writes to workingDir when AllowPathTraversalOnWrite=false, but the guard is lexical and does not account for symlink traversal. If workingDir contains a symlink path component and an attacker-controlled blob title via ocispec.AnnotationTitle...

6.9 CVSS, 5.7 AI score
Exploits: 0, References: 3
CVE
added 2026/06/18 4:12 p.m., 13 views

CVE-2025-32422

AutoGPT contains a DoS vulnerability in StepThroughItemsBlock leading to disk exhaustion via unbounded downloads to FileStoreBlock. Before version 0.6.63, StepThroughItemsBlock can iterate over an arbitrary list and trigger downloads to FileStoreBlock without limiting loop count, while FileStoreB...

8.7 CVSS, 5.3 AI score, 0.00276 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/06/05 7:51 p.m., 7 views

CVE-2013-10075

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...

9.1 CVSS, 5.4 AI score, 0.00356 EPSS
Exploits: 0, References: 1
UbuntuCve
added 2026/05/08 8:16 a.m., 8 views

CVE-2013-10075

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...

9.1 CVSS, 5.8 AI score, 0.00356 EPSS
Exploits: 0, References: 4
OSV
added 2026/05/08 8:16 a.m., 4 views

UBUNTU-CVE-2013-10075

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...

9.1 CVSS, 5.8 AI score, 0.00356 EPSS
Exploits: 0, References: 5
Vulnrichment
added 2026/05/08 7:44 a.m., 10 views

CVE-2013-10075 Apache::Session versions through 1.94 for Perl re-creates deleted sessions

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...

5.8 AI score, 0.00356 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/08 7:44 a.m., 7 views

CVE-2013-10075

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...

5.8 AI score, 0.00356 EPSS
Exploits: 0, References: 2
Debian CVE
added 2026/05/08 7:44 a.m., 5 views

CVE-2013-10075

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...

9.1 CVSS, 5.8 AI score, 0.00356 EPSS
Exploits: 0
Positive Technologies
added 2026/05/08 12:00 a.m., 16 views

PT-2026-38683

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...

9.1 CVSS, 5.8 AI score, 0.00356 EPSS
Exploits: 0, References: 4
Snyk
added 2026/05/04 1:22 a.m., 5 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the VQLResponse result-set writer. An attacker can cause the server to exhaust available memory and crash by sending specially crafted messages through the standard client...

6.9 CVSS, 5.8 AI score, 0.00344 EPSS
Exploits: 0, References: 2
Snyk
added 2026/05/04 1:22 a.m., 7 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the VQLResponse result-set writer. An attacker can cause the server to exhaust available memory and crash by sending specially crafted messages through the standard client...

6.9 CVSS, 5.8 AI score, 0.00344 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/03/28 12:00 a.m., 7 views

elecV2P path traversal vulnerability

elecV2P is a network request modification and scheduled task tool developed by the elecV2 individual developer. Versions of elecV2P 3.8.3 and earlier have a path traversal vulnerability. This vulnerability stems from improper handling of parameters in the path.join function of the file/store/:key...

6.9 CVSS, 6.1 AI score, 0.00591 EPSS
Exploits: 0, References: 6
Snyk
added 2026/02/21 12:35 a.m., 4 views

Directory Traversal

Overview: mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Directory Traversal via the `_find_run_root` function in the FileStore...

8.4 CVSS, 6.5 AI score, 0.01682 EPSS
Exploits: 0, References: 2
Snyk
added 2026/02/21 12:35 a.m., 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the `_find_run_root` function in the FileStore tracking component. An attacker can access arbitrary files on the server by planting a malicious meta.yaml in an artifact folder to redirect artifact URI resolution to...

8.4 CVSS, 7.7 AI score, 0.01682 EPSS
Exploits: 0, References: 2
NVD
added 2026/02/09 8:15 p.m., 5 views

CVE-2026-25480

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization and ord() substitution without separators, creating key collisions. When FileStore is used as response-cache backend, an unauthenticated remo...

6.5 CVSS, 0.00412 EPSS
Exploits: 1, References: 4
CVE
added 2026/02/09 6:49 p.m., 13 views

CVE-2026-25480

Litestar prior to 2.20.0 uses FileStore cache keys derived from Unicode NFKD normalization and ord() substitution without separators, enabling cache key collisions when used as a response-cache backend. An unauthenticated remote attacker can craft paths to trigger collisions, causing one URL to s...

6.5 CVSS, 5.6 AI score, 0.00412 EPSS
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2026/02/09 6:49 p.m., 7 views

CVE-2026-25480 FileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization and ord() substitution without separators, creating key collisions. When FileStore is used as response-cache backend, an unauthenticated remo...

6.5 CVSS, 5.7 AI score, 0.00412 EPSS
Exploits: 1, References: 6
Cvelist
added 2026/02/09 6:49 p.m., 30 views

CVE-2026-25480 FileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization and ord() substitution without separators, creating key collisions. When FileStore is used as response-cache backend, an unauthenticated remo...

6.5 CVSS, 0.00412 EPSS
Exploits: 1, References: 4
Positive Technologies
added 2026/02/09 12:00 a.m., 7 views

PT-2026-7137

Name of the Vulnerable Software and Affected Versions: Litestar versions prior to 2.20.0. Description: Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. When the FileStore is used as a response-cache backend, an unauthenticated remote attacker can trigger cache key collisions via...

6.5 CVSS, 5.6 AI score, 0.00412 EPSS
Exploits: 1, References: 13
CVE
added 2026/02/02 10:47 p.m., 28 views

CVE-2026-25137

CVE-2026-25137 concerns the NixOS Odoo package, where from 21.11 to before 25.11 and 26.05, Odoo setups publicly expose the database manager without authentication. This permits unauthorized actors to delete and download the entire database, including the file store, with access evident from HTTP...

9.1 CVSS, 5.4 AI score, 0.09528 EPSS
Exploits: 0, References: 3