Lucene search
K

49 matches found

CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

Meesho Online Shopping 加密问题漏洞

Meesho Online Shopping is an e-commerce system developed by the Meesho company. Versions of Meesho Online Shopping prior to 27.3 contained a security vulnerability related to encrypted data handling. This vulnerability stemmed from incorrect operations with files and API endpoints, potentially...

6.3CVSS5.8AI score0.00188EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/28 9:17 p.m.6 views

CVE-2026-23592

Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

7.2CVSS6.5AI score0.00777EPSS
Exploits0References1
NVD
NVD
added 2026/01/27 6:15 p.m.5 views

CVE-2026-23592

Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

7.2CVSS0.00777EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/27 5:57 p.m.3 views

CVE-2026-23592

Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

7.2CVSS6.5AI score0.00777EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/01/20 2:46 p.m.3 views

open-vm-tools: Insecure file handling

A vulnerability was found in open-vm-tools. A malicious actor with non-administrative privileges on a guest virtual machine VM may tamper with the local files to trigger insecure file operations within that VM...

6.1CVSS5.7AI score0.00247EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/11 12:13 a.m.10 views

CVE-2025-42883 Insecure File Operations vulnerability in SAP NetWeaver Application Server for ABAP (Migration Workbench)

Migration Workbench DX Workbench in SAP NetWeaver Application Server for ABAP fails to trigger a malware scan when an attacker with administrative privileges uploads files to the application server. An attacker could leverage this and upload a malicious file into the system. This results in a low...

2.7CVSS0.00223EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-5991

Malware in sbrugna...

9.9CVSS8.9AI score0.04747EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-44597

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.00257EPSS
Exploits0References11
Ubuntu
Ubuntu
added 2025/06/03 9:23 a.m.4 views

USN-7508-2: Open VM Tools vulnerability

USN-7508-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS Original advisory details: It was discovered that Open VM Tools incorrectly handled certain file operations. An attacker in a guest could use this issue to...

6.1CVSS6.5AI score0.00247EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:12 p.m.10 views

CVE-2020-13774

An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations ...

9.9CVSS7.8AI score0.04747EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 7:45 a.m.8 views

CVE-2018-20945

bin/csvprocess in cPanel before 68.0.27 allows insecure file operations SEC-354...

7.9CVSS7AI score0.00631EPSS
Exploits0References1
OSV
OSV
added 2025/05/13 9:0 a.m.6 views

USN-7508-1 open-vm-tools vulnerability

It was discovered that Open VM Tools incorrectly handled certain file operations. An attacker in a guest could use this issue to perform insecure file operations and possibly elevate privileges in the guest...

6.1CVSS5.8AI score0.00247EPSS
Exploits0References2
OSV
OSV
added 2025/05/12 11:15 a.m.7 views

AZL-67797 CVE-2025-22247 affecting package open-vm-tools for versions less than 11.3.0-4

VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM...

6.1CVSS5.8AI score0.00247EPSS
Exploits0References1
CVE
CVE
added 2025/05/12 10:46 a.m.257 views

CVE-2025-22247

CVE-2025-22247 affects open-vm-tools ( VMware Tools open-source components) and can be triggered by a non-administrative guest-VM user due to insecure file handling that may tamper local files, potentially enabling partial integrity impact within the guest. Several advisories confirm affected pac...

6.1CVSS6.2AI score0.00247EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2024/10/16 8:56 p.m.17 views

CVE-2023-32190

A flaw was found in the mlocate package of OpenSUSE and derived distributions. This issue occurs due to a insecure chmod call in the %post section of the mlocate package, allowing users to obtain read/write access to arbitrary files on the system when the mlocate package is re-installed or upgrad...

7.8CVSS7.5AI score0.00202EPSS
Exploits0References4
NVD
NVD
added 2024/10/16 12:15 p.m.22 views

CVE-2023-32190

mlocate's %post script allows RUNUPDATEDBAS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges...

8.5CVSS0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/16 12:3 p.m.16 views

CVE-2023-32190 mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable

mlocate's %post script allows RUNUPDATEDBAS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges...

8.5CVSS7.2AI score0.00202EPSS
Exploits0References1
CVE
CVE
added 2024/10/16 12:3 p.m.61 views

CVE-2023-32190

CVE-2023-32190 affects the mlocate package (notably OpenSUSE-derived distributions). The vulnerability stems from an insecure chmod/permissions handling in the %post script, allowing a local attacker to abuse root-run file operations to make arbitrary files world-readable. Impact is localized to ...

8.5CVSS7.6AI score0.00202EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/10/16 12:3 p.m.14 views

CVE-2023-32190

mlocate's %post script allows RUNUPDATEDBAS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges...

8.5CVSS7.6AI score0.00202EPSS
Exploits0
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.4 views

openSUSE Tumbleweed 安全漏洞

openSUSE Tumbleweed is an open source system from SUSE Germany. A security vulnerability exists in openSUSE Tumbleweed that originates from allowing a user to make arbitrary files readable by everyone by abusing insecure file operations run with root privileges...

8.5CVSS7.5AI score0.00202EPSS
Exploits0References4
Rows per page
Query Builder