PT-2024-28243 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.3.0p18; Checkmk versions 2.2.0p35; Checkmk versions 2.1.0p48; Checkmk versions =2.0.0p39 EOL. Description: The issue concerns the insertion of sensitive information into log files in Checkmk, causing SNMP and IPMI secrets of ho...
Relative Path Traversal
Overview: lollms is a Python library for AI personality definition. Affected versions of this package are vulnerable to Relative Path Traversal due to improper sanitization of the personalityfolder parameter. An attacker can read any folder in the personalityfolder on the victim's computer by...
PYSEC-2024-122
A path traversal vulnerability exists in the api openpersonalityfolder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personalityfolder on the victim's computer, even though sanitizepath is set. The issue arises due to improper sanitization of t...
Directory Traversal
Overview: lollms is a Python library for AI personality definition. Affected versions of this package are vulnerable to Directory Traversal through the lollmsfilesystem.py file. An attacker can manipulate file paths to access or modify files outside of the intended directories by supplying maliciou...
PT-2024-38022 · Unknown · Parisneo/Lollms-Webui +1
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui, affected versions not specified; parisneo/lollms, affected versions not specified. Description: A path traversal issue exists due to improper sanitization of the personality folder parameter in the "api open personality...
PT-2025-14528 · Amd · Amd Ryzen Ai
Name of the Vulnerable Software and Affected Versions: AMD Ryzen™ AI, affected versions not specified. Description: The issue is related to incorrect default permissions on the AMD Ryzen™ AI installation folder, which could allow an attacker to achieve privilege escalation, potentially resulting ...
CVE-2024-24122
A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a zip compressed file to construct a special file name, which can be used to decompress the project file into the system startup folder, restar...
Yitu Security Vulnerability
Wondershare Yitu 亿图 is a one-stop office mapping tool from the Chinese company Wondershare. A security vulnerability exists in Yitu version 3.2.2, which stems from a remote code execution vulnerability that allows an attacker to construct a special filename for the exp.adpx file in the form of a...
CVE-2024-24122
CVE-2024-24122 describes a remote code execution in Wanxing Technology’s Yitu project management. A crafted exp.adpx file is treated as a zip archive with a special filename, enabling decompression of the project file into the system startup folder, followed by a system restart and automatic exec...
CVE-2024-9145
Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz legacy Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked as a "trusted folder"...
CVE-2024-9145 Local command injection in Wiz Code Visual Studio Code extension
Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz legacy Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked as a "trusted folder"...
PT-2024-39454 · Microsoft +1 · Visual Studio Code +2
Name of the Vulnerable Software and Affected Versions: Wiz Code Visual Studio Code extension versions 1.0.0 through 1.5.3; Wiz legacy Visual Studio Code extension versions 0.13.0 through 0.17.8. Description: The issue allows for local command injection when a user opens a maliciously crafted...
Facial DNA provider leaks biometric data via WordPress folder
ChiceDNA exposed 8,000 sensitive records, including biometric images, personal details, and facial DNA data in an unsecured WordPress…...
CVE-2024-46471
The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes the structure and contents of directories, potentially revealing sensitive information...
CVE-2024-8404
An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege...
PaperCut NG/MF Backlink Vulnerability
PaperCut NG/MF is a print management system from PaperCut, Inc. PaperCut NG/MF suffers from a backlink vulnerability. An attacker exploiting this vulnerability could execute low-privilege code directly on the server via web-print-hot-folder...
CVE-2024-46649
eNMS up to 4.7.1 is vulnerable to Directory Traversal via download/folder...
CVE-2024-46648
eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via scanfolder...