CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specif...

9.8CVSS7.3AI score0.07327EPSS

Exploits2References2

RedhatCVE•added 2025/05/22 6:39 p.m.•4 views

CVE-2021-36564

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php...

9.8CVSS7.3AI score0.01097EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 6:39 p.m.•5 views

CVE-2021-36567

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache...

10CVSS7.3AI score0.03362EPSS

Exploits1References1

GithubExploit•added 2024/10/19 12:49 p.m.•448 views

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Thephpleague Flysystem

CVE-2021-32708 Affected versions of this package are vulnerabl...

9.8CVSS8.3AI score0.07327EPSS

Exploits2

Hacker One•added 2022/10/03 2:32 p.m.•32 views

Nextcloud: Suspicious login app ships old league/flysystem version

A vulnerability in the Suspicious Login app allowed a remote attacker to execute arbitrary code on the target system due to a race condition. The vulnerability was caused by an outdated version of the Flysystem library 0.1.0 - 2.1.0 that allowed a malicious user to upload and execute arbitrary co...

9.8CVSS8.9AI score0.07327EPSS

Exploits2

Github Security Blog•added 2022/09/16 12:0 a.m.•28 views

ThinkPHP deserialization vulnerability

ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

9.8CVSS9.4AI score0.03772EPSS

Exploits1References3Affected Software1

OSV•added 2022/09/16 12:0 a.m.•36 views

GHSA-QJJJ-7G7H-54V3 ThinkPHP deserialization vulnerability

9.8CVSS9.8AI score0.03772EPSS

Exploits1References3

NVD•added 2022/09/15 2:15 a.m.•14 views

CVE-2022-38352

9.8CVSS0.03772EPSS

Exploits1References1

OSV•added 2022/09/15 2:15 a.m.•12 views

CVE-2022-38352

9.8CVSS9.7AI score

Exploits0References1

Prion•added 2022/09/15 2:15 a.m.•14 views

Deserialization of untrusted data

7.5CVSS9.7AI score0.03772EPSS

Exploits1References1Affected Software1

CVE•added 2022/09/15 1:5 a.m.•94 views

CVE-2022-38352

ThinkPHP v6.0.13 contains a deserialization vulnerability in the League\Flysystem\Cached\Storage\Psr6Cache component that can allow arbitrary code execution via a crafted payload. The issue affects ThinkPHP 6.0.13; affected component is League\Flysystem\Cached\Storage\Psr6Cache. Remediation cues ...

9.8CVSS9.7AI score0.03772EPSS

Exploits1References1Affected Software1

Cvelist•added 2022/09/15 1:5 a.m.•12 views

CVE-2022-38352

9.9AI score0.03772EPSS

Exploits1References1

Github Security Blog•added 2022/09/15 12:0 a.m.•21 views

UniSharp Laravel Filemanager directory traversal vulnerability

UniSharp laravel-filemanager aka Laravel Filemanager with league/flysystem version = 2.0.0...

6.5CVSS6.3AI score0.91646EPSS

Exploits1References6Affected Software1

NVD•added 2022/09/14 11:15 p.m.•9 views

CVE-2022-40734

UniSharp laravel-filemanager aka Laravel Filemanager before 2.6.4 allows download?workingdir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0...

6.5CVSS0.91646EPSS

Exploits1References3

OSV•added 2022/09/14 11:15 p.m.•12 views

CVE-2022-40734

6.5CVSS6.4AI score

Exploits0References3