Lucene search
K

7 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-28335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the...

9.1CVSS8.1AI score0.00842EPSS
Exploits0References2
NVD
NVD
added 2024/03/27 6:15 a.m.18 views

CVE-2024-28335

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...

9.1CVSS6.6AI score0.00842EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2024/03/27 6:15 a.m.19 views

CVE-2024-28335

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...

9.1CVSS7.2AI score0.00842EPSS
Exploits0References7
PyPA
PyPA
added 2024/03/27 6:15 a.m.7 views

PYSEC-2024-49

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...

9.1CVSS7AI score0.00842EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/27 12:0 a.m.12 views

CVE-2024-28335

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...

7.2AI score0.00842EPSS
Exploits0References6
CVE
CVE
added 2024/03/27 12:0 a.m.60 views

CVE-2024-28335

CVE-2024-28335 affects Lektor prior to 3.3.11. The issue is an unsanitized DB path traversal that can permit shell commands via a file added to the templates directory when a user’s browser visits an untrusted site that sends requests to localhost:5000, with the browser and the Lektor server runn...

9.1CVSS6.7AI score0.00842EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/03/27 12:0 a.m.44 views

CVE-2024-28335

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...

6.8AI score0.00842EPSS
Exploits0References6
Rows per page
Query Builder