Lucene search
K

30 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2006-3323

Malware in sbrugna...

2.6CVSS6.4AI score0.01391EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-22305

Malicious code in bioql PyPI...

5.3CVSS5.6AI score0.31977EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:38 a.m.10 views

CVE-2024-24942

In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives...

5.3CVSS6.9AI score0.31977EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/03/05 2:31 a.m.5 views

SUSE CVE-2025-1936

jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension...

5.4CVSS6.8AI score0.00413EPSS
Exploits0References11
BDU FSTEC
BDU FSTEC
added 2024/04/15 12:0 a.m.6 views

The vulnerability of the Continuous Integration and Deployment Application Delivery system (CI/CD) of JetBrains TeamCity, related to errors in processing the relative path to the directory, allows a hacker to extract data from JAR archives.

The vulnerability of the Continuous Integration and Application Delivery system CI/CD of TeamCity in JetBrains is related to errors in processing the relative path to the directory. Exploiting this vulnerability allows a malicious actor to remotely read data from JAR archives...

5.3CVSS5.9AI score0.31977EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/02/09 12:0 a.m.38 views

TeamCity Server < 2023.11.3 Multiple Vulnerabilities

According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.11.3. It is, therefore, affected by multiple vulnerabilities: - Authentication bypass leading to RCE vulnerability CVE-2024-23917 - Path traversal allowed...

9.8CVSS7.7AI score0.5373EPSS
Exploits0References3
OSV
OSV
added 2024/02/06 10:15 a.m.5 views

CVE-2024-24942

In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives...

5.3CVSS5.8AI score0.31977EPSS
Exploits0References1
NVD
NVD
added 2024/02/06 10:15 a.m.31 views

CVE-2024-24942

In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives...

5.3CVSS5.8AI score0.31977EPSS
Exploits0References1
Prion
Prion
added 2024/02/06 10:15 a.m.26 views

Path traversal

In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives...

5CVSS7.2AI score0.31977EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/06 9:21 a.m.25 views

CVE-2024-24942

In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives...

5.3CVSS6.9AI score0.31977EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/06 9:21 a.m.52 views

CVE-2024-24942

In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives...

5.3CVSS6.6AI score0.31977EPSS
Exploits0References1
CVE
CVE
added 2024/02/06 9:21 a.m.75 views

CVE-2024-24942

CVE-2024-24942 affects JetBrains TeamCity versions prior to 2023.11.3. The vulnerability is a path traversal in JAR archives that allows reading data from within JAR files. Public sources in the connected documents consistently describe the issue as a path traversal vulnerability in TeamCity lead...

5.3CVSS5.3AI score0.31977EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/10/23 12:0 a.m.4 views

sbt path traversal vulnerability

sbt is a build tool for Scala, Java and more. A security vulnerability exists in versions prior to sbt 1.9.7, which stems from a vulnerability that allows attackers to write arbitrary files via specially crafted zip or JAR files...

7.1CVSS6.9AI score0.0034EPSS
Exploits1References6
OSV
OSV
added 2022/11/07 12:0 p.m.4 views

GHSA-94RR-4JR5-9H2P Apache Ivy does not verify target path when extracting the archive

With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to version 2.5.1 doesn't verify the target path when extracting the...

9.1CVSS7AI score0.01819EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2021/08/10 12:0 a.m.31 views

openSUSE 15 Security Update : fastjar (openSUSE-SU-2021:1107-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:1107-1 advisory. - Absolute path traversal vulnerability in the extractjar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite...

5.8CVSS5.8AI score0.03681EPSS
Exploits2References4
Cvelist
Cvelist
added 2020/06/15 6:7 p.m.33 views

CVE-2020-13651

An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. It allows a user to provide data that will be used to generate the JNLP file used by a client to obtain the right Java application. By providing an attacker-controlled URL, the client...

7.5AI score0.00905EPSS
Exploits0References1
NVD
NVD
added 2019/12/05 4:15 a.m.20 views

CVE-2019-19589

The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: It has been argued that "The vulnerability reported in PDF Embedder Plugin is not valid as the plugin itself doesn't control or manage the file upload...

9.8CVSS9.5AI score0.01771EPSS
Exploits1References2
Prion
Prion
added 2019/12/05 4:15 a.m.19 views

Design/Logic Flaw

DISPUTED The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: It has been argued that "The vulnerability reported in PDF Embedder Plugin is not valid as the plugin itself doesn't control or manage the file...

7.5CVSS9.4AI score0.01771EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2019/12/05 3:16 a.m.20 views

CVE-2019-19589

The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: It has been argued that "The vulnerability reported in PDF Embedder Plugin is not valid as the plugin itself doesn't control or manage the file upload...

6.9AI score0.01771EPSS
Exploits1References2
CVE
CVE
added 2019/12/05 3:16 a.m.75 views

CVE-2019-19589

The CVE-2019-19589 affects the Lever PDF Embedder plugin for WordPress (v4.4). The vulnerability stems from the plugin not blocking polyglot PDF documents that are valid JAR archives during distribution, with the upload process controlled by WordPress core rather than the plugin itself. This mean...

9.8CVSS9.3AI score0.01771EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder