26 matches found

Hacker One
added 2026/05/28 8:54 a.m. · 22 views

curl: curl External-Controlled Filename in `--url @file` Leads to Arbitrary File Overwrite

Vulnerability Report: curl External-Controlled Filename in --url @file Leads to Arbitrary File Overwrite 1. Product Overview curl is a widely used command-line tool and library libcurl for transferring data with URL syntax across multiple protocols such as HTTP, HTTPS, and FTP. It is preinstalled...

AI score 5.7
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2010-2213

Malware in sbrugna...

CVSS 5.8 · AI score 7.5 · EPSS 0.00998
Exploits: 0 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2020-1433

Malware in sbrugna...

CVSS 5 · AI score 5.4 · EPSS 0.01501
Exploits: 2 · References: 5

Tenable Nessus
added 2025/08/08 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-36674

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypa...

CVSS 5.3 · AI score 6.1 · EPSS 0.00623
Exploits: 0 · References: 2

OSV
added 2024/03/06 11:1 a.m. · 26 views

BIT-MEDIAWIKI-2023-36674

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...

CVSS 5.3 · AI score 5.7 · EPSS 0.00623
Exploits: 0 · References: 5

OSV
added 2024/02/03 12:22 a.m. · 9 views

GHSA-7F32-HM4H-W77Q github-slug-action use of `set-env` Runner commands which are processed via stdout

Impact: This GitHub Action uses set-env runner commands, which are processed via stdout (related to GHSA-mfwh-5m23-j46w). Patches: The following versions use the recommended Environment File Syntax: 2.1.1, 1.1.1. Workarounds: None; it is strongly suggested that you upgrade as soon as possible. For more...

AI score 7.2
Exploits: 0 · References: 2

Github Security Blog
added 2024/02/03 12:22 a.m. · 16 views

github-slug-action use of `set-env` Runner commands which are processed via stdout

Impact: This GitHub Action uses set-env runner commands, which are processed via stdout (related to GHSA-mfwh-5m23-j46w). Patches: The following versions use the recommended Environment File Syntax: 2.1.1, 1.1.1. Workarounds: None; it is strongly suggested that you upgrade as soon as possible. For more...

AI score 7.2
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2024/02/03 12:0 a.m. · 5 views

PT-2024-40157 · Github · Github-Slug-Action

Name of the Vulnerable Software and Affected Versions: github-slug-action versions prior to 1.1.1 github-slug-action versions prior to 2.1.1 Description: The issue is related to the use of set-env runner commands processed via stdout. It is recommended to upgrade to a version that uses the...

AI score 7.3
Exploits: 0 · References: 3

OSV
added 2023/08/20 6:15 p.m. · 26 views

CVE-2023-36674

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...

CVSS 5.3 · AI score 7.1
Exploits: 0 · References: 4

ATTACKERKB
added 2023/08/20 6:15 p.m. · 4 views

CVE-2023-36674

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...

CVSS 5.3 · AI score 6 · EPSS 0.00623
Exploits: 0 · References: 8

OSV
added 2023/08/20 6:15 p.m. · 1 view

DEBIAN-CVE-2023-36674

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...

CVSS 5.3 · AI score 5.5 · EPSS 0.00623
Exploits: 0 · References: 1

OSV
added 2023/08/20 6:15 p.m. · 7 views

UBUNTU-CVE-2023-36674

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...

CVSS 5.3 · AI score 5.8 · EPSS 0.00623
Exploits: 0 · References: 4

Debian CVE
added 2023/08/20 12:0 a.m. · 46 views

CVE-2023-36674

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...

CVSS 5.3 · AI score 5.2 · EPSS 0.00623
Exploits: 0

CVE
added 2023/08/20 12:0 a.m. · 85 views

CVE-2023-36674

Summary: CVE-2023-36674 affects MediaWiki prior to certain fixed versions. The issue allows bypass of the Bad image list (badFile) by abusing the thumb parameter (Manualthumb) in the File syntax. Affected versions (per sources): MediaWiki before 1.35.11; 1.36.x through 1.38.x before 1.38.7; 1.39....

CVSS 5.3 · AI score 5.6 · EPSS 0.00623
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2023/05/15 8:50 p.m. · 36 views

GHSA-JH85-WWV9-24HV Any file can be included with the pymdown-snippets extension

Summary Arbitrary file read when using include file syntax. Details By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the generated documentation. Additionally, a path relative to a specified, allowed base path can also be used to...

CVSS 7.5 · AI score 7.5 · EPSS 0.01558
Exploits: 1 · References: 5

OSV
added 2023/05/15 8:42 p.m. · 21 views

CVE-2023-32309 Arbitrary file inclusion with the pymdown-snippets extension

PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the...

CVSS 7.5 · AI score 7.4 · EPSS 0.01558
Exploits: 1 · References: 4

BDU FSTEC
added 2022/06/02 12:0 a.m. · 6 views

The vulnerability of the TGA file syntax analysis implementation in the Autodesk Design Review software lies in the ability to write beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the TGA file syntax analysis implementation in the Autodesk Design Review software relates to the writing beyond buffer boundaries in memory during DWG file syntax analysis. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code in the context o...

CVSS 9.3 · AI score 7.9 · EPSS 0.01437
Exploits: 0 · References: 4 · Affected Software: 2

BDU FSTEC
added 2022/05/17 12:0 a.m. · 5 views

The vulnerability of the ClamAV antivirus software library and the Cisco AMP security tool for end devices allows a perpetrator to trigger a service failure.

The vulnerability of the ClamAV antivirus software library and the Cisco AMP tool for protecting against malicious software in end devices is related to resource management errors during CHM file syntax analysis. Exploiting this vulnerability can allow a remote attacker to cause service...

CVSS 7.8 · AI score 6.7 · EPSS 0.0659
Exploits: 0 · References: 9 · Affected Software: 3

BDU FSTEC
added 2021/12/28 12:0 a.m. · 5 views

The vulnerability of Adobe Premiere Rush software, related to insufficient validation of input data, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of Adobe Premiere Rush is related to insufficient validation of input data during the MP4 file syntax analysis. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

CVSS 3.3 · AI score 6.3 · EPSS 0.01718
Exploits: 0 · References: 4 · Affected Software: 1

BDU FSTEC
added 2021/12/20 12:0 a.m. · 5 views

The vulnerability of the JT Utilities and JT Open Toolkit (JTTK) application development tools, related to data writing beyond the buffer limit, allows a perpetrator to execute arbitrary code.

The vulnerability of the JT Utilities and JT Open Toolkit JTTK application development tools is related to data writing outside of the buffer during JT file syntax analysis. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 7.8 · AI score 7.8 · EPSS 0.00814
Exploits: 0 · References: 3 · Affected Software: 2