Lucene search

465 matches found

Snyk
added 2025/09/03 5:43 p.m., 2 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the filepathTemplate parameter in the CreateResource endpoint, when objects are stored locally. An authenticated attacker can write arbitrary files to the server filesystem by submitting a crafted filename...

CVSS 6 | AI score 7.6 | EPSS 0.0032
Exploits: 1 | References: 2
NVD
added 2025/08/06 4:15 p.m., 6 views

CVE-2024-8244

The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress...

CVSS 3.7 | EPSS 0.0019
Exploits: 0 | References: 2
OSV
added 2025/08/06 4:15 p.m., 2 views

DEBIAN-CVE-2024-8244

The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress...

CVSS 3.7 | AI score 5.3 | EPSS 0.0019
Exploits: 0 | References: 1
OSV
added 2025/08/06 4:15 p.m., 5 views

CVE-2024-8244

The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress...

AI score 6.7
Exploits: 0 | References: 2
CVE
added 2025/08/06 3:32 p.m., 31 views

CVE-2024-8244

The CVE concerns Go’s filepath.Walk and filepath.WalkDir, which are documented to not follow symbolic links and are subject to a TOCTOU race where a path segment can be replaced by a symlink during traversal. The material here does not specify affected versions, exact vulnerable components beyond...

CVSS 3.7 | AI score 6.4 | EPSS 0.0019
Exploits: 0 | References: 2
Vulnrichment
added 2025/08/06 3:32 p.m., 2 views

CVE-2024-8244 Walk/WalkDir in path/filepath susceptible to symlink race

The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress...

AI score 6.3 | EPSS 0.0019
Exploits: 0 | References: 2
Debian CVE
added 2025/08/06 3:32 p.m., 9 views

CVE-2024-8244

The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress...

CVSS 3.7 | AI score 5.3 | EPSS 0.0019
Exploits: 0
Cvelist
added 2025/08/06 3:32 p.m., 13 views

CVE-2024-8244 Walk/WalkDir in path/filepath susceptible to symlink race

The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress...

EPSS 0.0019
Exploits: 0 | References: 2
CNNVD
added 2025/08/04 12:00 a.m., 4 views

Kingdee Cloud-Starry-Sky Enterprise Edition path traversal vulnerability

Kingdee Cloud-Starry-Sky Enterprise Edition is a digital transformation solution for growing enterprises from China's Kingdee. A path traversal vulnerability exists in Kingdee Cloud-Starry-Sky Enterprise Edition 8.2 and earlier versions, which stems from path traversal due to incorrect operation ...

CVSS 6.9 | AI score 5.4 | EPSS 0.00852
Exploits: 0 | References: 7
NVD
added 2025/07/22 10:15 p.m., 6 views

CVE-2025-54072

yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...

CVSS 8.1 | EPSS 0.00562
Exploits: 0 | References: 3
Vulnrichment
added 2025/07/22 9:34 p.m., 6 views

CVE-2025-54072 yt-dlp allows `--exec` command injection when using placeholder on Windows

yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...

CVSS 7.5 | AI score 8.3 | EPSS 0.00562
Exploits: 0 | References: 3
Cvelist
added 2025/07/22 9:34 p.m., 10 views

CVE-2025-54072 yt-dlp allows `--exec` command injection when using placeholder on Windows

yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...

CVSS 7.5 | EPSS 0.00562
Exploits: 0 | References: 3
OSV
added 2025/07/22 9:34 p.m., 4 views

CVE-2025-54072 yt-dlp allows `--exec` command injection when using placeholder on Windows

yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...

CVSS 7.5 | AI score 8.5 | EPSS 0.00562
Exploits: 0 | References: 5
OSV
added 2025/06/30 6:15 p.m., 3 views

CVE-2025-6925

A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /src/main/java/org/dromara/demo/controller/MailController.java of the component Mail Handler. The manipulation of the argument filePath...

CVSS 9.1 | AI score 6.9
Exploits: 0 | References: 5
CNNVD
added 2025/06/30 12:00 a.m., 3 views

RuoYi-Vue-Plus security vulnerability

RuoYi-Vue-Plus is a development framework from the Chinese organization dromara. A security vulnerability exists in RuoYi-Vue-Plus version 5.4.0, which stems from an incorrect manipulation of the parameter filePath in the file MailController.java, resulting in path traversal...

CVSS 9.1 | AI score 5.4 | EPSS 0.00864
Exploits: 1 | References: 5
RedhatCVE
added 2025/06/23 8:41 a.m., 5 views

CVE-2025-45890

Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter...

CVSS 9.8 | AI score 8.2 | EPSS 0.01499
Exploits: 1 | References: 1
Vulnrichment
added 2025/06/20 12:00 a.m., 3 views

CVE-2025-45890

Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter...

AI score 8.1 | EPSS 0.01499
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/25 3:09 p.m., 10 views

CVE-2025-5114

A vulnerability has been found in easysoft zentaopms 21.520250307 and classified as critical. This vulnerability affects the function Edit of the file /index.php?m=editor=edit=cGhhcjovLy9ldGMvcGFzc3dk=edit of the component Committer. The manipulation of the argument filePath leads to...

CVSS 6.5 | AI score 7 | EPSS 0.00426
Exploits: 1 | References: 1
CNNVD
added 2025/05/25 12:00 a.m., 3 views

H3C SecCenter SMP-E1114P02 path traversal vulnerability

H3C SecCenter SMP-E1114P02 is a security management platform from China's Xinhua San H3C. A path traversal vulnerability exists in H3C SecCenter SMP-E1114P02 20250513 and earlier versions, which stems from path traversal due to incorrect operation of the parameter filePath in the file...

CVSS 7.5 | AI score 4.9 | EPSS 0.00651
Exploits: 0 | References: 5
NVD
added 2025/05/23 3:15 p.m., 18 views

CVE-2025-5114

A vulnerability has been found in easysoft zentaopms 21.520250307 and classified as critical. This vulnerability affects the function Edit of the file /index.php?m=editor&f=edit&filePath=cGhhcjovLy9ldGMvcGFzc3dk&action=edit of the component Committer. The manipulation of the argument filePath lea...

CVSS 9.1 | EPSS 0.00426
Exploits: 1 | References: 5