Lucene search
K

6 matches found

Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.14 views

PT-2026-7630

Name of the Vulnerable Software and Affected Versions OpenSatKit version 2.2.1 Description The software contains a buffer overflow issue due to the use of sprintf without proper length checking when formatting filenames into the EventErrStr buffer. The EventErrStr buffer is fixed at 256 bytes. Th...

5.8AI score0.00532EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 7:59 a.m.4 views

CVE-2024-33434

An issue in tiagorlampert CHAOS v5.0.1 before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the filename argument into the buildStr string without any sanitization or filteri...

9.8CVSS7.6AI score0.01365EPSS
Exploits0References1
OSV
OSV
added 2024/10/09 9:31 p.m.7 views

GHSA-54F4-V6V9-9Q82 open-webui allows writing and deleting arbitrary files

In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHEDIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote cod...

7CVSS7AI score0.01032EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2024/05/07 2:15 p.m.8 views

CVE-2024-33434

An issue in tiagorlampert CHAOS v5.0.1 before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the filename argument into the buildStr string without any sanitization or filteri...

9.8CVSS7.6AI score0.01365EPSS
Exploits0References4
OSV
OSV
added 2024/05/07 2:15 p.m.4 views

CVE-2024-33434

An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the filename argument into the buildStr string without any sanitization or filtering...

9.8CVSS6.1AI score0.80454EPSS
Exploits6References2
Prion
Prion
added 2017/03/23 5:59 p.m.23 views

Code injection

PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the concatenated filename," which creates a file in webroot...

10CVSS8.1AI score0.11763EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder