
80 matches found

OSV
added 2026/05/27 4:15 a.m., 12 views

USN-8314-1 ayttm vulnerabilities

It was discovered that Expat, vendored in Ayttm, incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

CVSS 9.8, AI score 7.1, EPSS 0.34174
Exploits: 0, References: 3

CNNVD
added 2026/04/08 12:0 a.m., 8 views

WordPress plugin Homeo security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 7.5, AI score 5.8, EPSS 0.00381
Exploits: 0, References: 1

Veracode
added 2026/03/13 5:6 a.m., 6 views

Improper File Handling

zx is vulnerable to Improper File Handling. The vulnerability is due to a logic error in the linkNodeModules and cleanup routines when using the --prefer-local option, which allows unintended deletion of an external /node_modules directory outside the current working directory...

CVSS 8.3, AI score 5.8, EPSS 0.0008
Exploits: 0, References: 6, Affected Software: 1

CNNVD
added 2026/03/05 12:0 a.m., 6 views

WordPress plugin Legal Stone security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 8.1, AI score 5.8, EPSS 0.00403
Exploits: 0, References: 1

CNNVD
added 2026/02/20 12:0 a.m., 8 views

WordPress plugin HealthFirst security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 8.1, AI score 5.8, EPSS 0.00512
Exploits: 0, References: 1

RedhatCVE
added 2026/02/17 7:28 a.m., 17 views

CVE-2026-2536

A vulnerability was determined in opencc JFlow up to 20260129. This affects the function ImpDone of the file src/main/java/bp/wf/httphandler/WFAdminAttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. The attack may be...

CVSS 6.5, AI score 5.3, EPSS 0.00294
Exploits: 0, References: 1

CNNVD
added 2026/01/22 12:0 a.m., 6 views

WordPress plugin Tails has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 8.1, AI score 5.8, EPSS 0.00512
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2021-28674

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.2, EPSS 0.02013
Exploits: 1, References: 1

CNNVD
added 2025/09/10 12:0 a.m., 3 views

N-able N-central security vulnerability

N-able N-central is an RMM platform from N-able Canada Inc. providing large-scale management, automation and orchestration capabilities for sophisticated MSPs and IT professionals. A security vulnerability exists in N-able N-central that stems from improper file handling permissions, which could...

CVSS 7.8, AI score 6.8, EPSS 0.00118
Exploits: 0, References: 2

RedHat Linux
added 2025/07/07 2:28 a.m., 4 views

webkitgtk: Copying a URL from Web Inspector may lead to command injection

A flaw was found in WebKitGTK. Copying a URL from Web Inspector may lead to command injection due to improper file handling...

CVSS 8.8, AI score 5.7, EPSS 0.02902
Exploits: 0, References: 8

RedhatCVE
added 2025/05/22 6:50 p.m., 6 views

CVE-2021-41662

The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can be chained with a malicious PHP file upload, which is caused by improper file handling in the editImg function. This vulnerability leads to remote code execution...

CVSS 9.8, AI score 8.4, EPSS 0.02013
Exploits: 1

CNVD
added 2025/05/22 12:0 a.m., 1 views

Unspecified Vulnerability in D-Link DI-7003GV2

The D-Link DI-7003GV2 is a router from China-based AUO D-Link. A security vulnerability exists in the D-Link DI-7003GV2, which stems from improper handling of the file /H5/webgl.asp function sub41F4F0, which can be exploited by an attacker to cause an unverified password change...

CVSS 7.5, AI score 7.2, EPSS 0.00572
Exploits: 1, References: 1

CNNVD
added 2025/04/11 12:0 a.m., 3 views

WordPress plugin JS Job Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.1, AI score 8.3, EPSS 0.00767
Exploits: 0, References: 3

CNNVD
added 2025/03/31 12:0 a.m., 5 views

Apple macOS security vulnerability

Apple macOS is a suite of specialized operating systems from the U.S. company Apple, developed specifically for Mac computers. A security vulnerability exists in Apple macOS Sequoia, which stems from improper file handling and could lead to application access to contacts...

CVSS 4.3, AI score 6.1, EPSS 0.0047
Exploits: 0, References: 4

Veracode
added 2025/03/25 12:29 p.m., 8 views

Denial Of Service (DoS)

Gradio is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper file handling: the dataframe component uses pd.read_csv, which accepts compressed files, allowing an attacker to upload a zip bomb that crashes the server...

CVSS 7.5, AI score 7, EPSS 0.0061
Exploits: 1, References: 4, Affected Software: 1

Github Security Blog
added 2025/03/20 12:32 p.m., 8 views

Open WebUI Allows Arbitrary File Write via the `download_model` Endpoint

In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the `download_model` endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...

CVSS 7.2, AI score 8.2, EPSS 0.01125
Exploits: 1, References: 3, Affected Software: 1

RedHat Linux
added 2025/03/03 12:39 p.m., 9 views

webkitgtk: Copying a URL from Web Inspector may lead to command injection

A flaw was found in WebKitGTK. Copying a URL from Web Inspector may lead to command injection due to improper file handling...

CVSS 8.8, AI score 5.7, EPSS 0.02902
Exploits: 0, References: 8

Cvelist
added 2025/01/21 12:0 a.m., 10 views

CVE-2024-24444

Improper file descriptor handling for closed connections in OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface...

EPSS 0.00422
Exploits: 0, References: 2

Veracode
added 2025/01/14 3:47 a.m., 18 views

Arbitrary File Write

keras is vulnerable to Arbitrary File Write. The vulnerability is due to improper handling of downloaded tar files in the get_file function. When the function extracts the tar file, it does not properly validate or sanitize the file paths, allowing attackers to write files to arbitrary locations o...

CVSS 6.5, AI score 6.8, EPSS 0.00221
Exploits: 0, References: 5, Affected Software: 1

Packet Storm
added 2024/12/02 12:0 a.m., 241 views

ABB Cylon Aspect 3.08.00 fileSystemUpdate.php File Upload / Denial Of Service

ABB Cylon Aspect 3.08.00 fileSystemUpdate.php Insecure File Upload Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management...

AI score 7.4
Exploits: 0