Lucene search
K

152 matches found

OSV
OSV
added 2025/06/16 11:15 a.m.5 views

AZL-64073 CVE-2025-4748 affecting package erlang 26.2.5.17-1

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2,...

4.8CVSS6.6AI score0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/06 9:21 a.m.30 views

CVE-2025-48781 Soar Cloud HRD Human Resource Management System - External Control of File Name or Path

An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain partial files by specifying arbitrary file paths...

8.7CVSS0.0038EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:58 a.m.5 views

CVE-2024-33860

An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion LFI when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs...

6.5CVSS7AI score0.00446EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:27 a.m.7 views

CVE-2023-32985

Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

4.3CVSS6.6AI score0.72358EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:4 a.m.7 views

CVE-2022-28147

A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

4.3CVSS6.5AI score0.00719EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:13 p.m.24 views

CVE-2022-36918

Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

4.3CVSS6.6AI score0.00486EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:53 p.m.11 views

CVE-2022-36908

A cross-site request forgery CSRF vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an...

6.5CVSS6.8AI score0.00479EPSS
Exploits0References1
OSV
OSV
added 2025/05/15 12:0 a.m.11 views

CVE-2025-48050

In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script...

7.5CVSS7.2AI score0.00394EPSS
Exploits0References6
OSV
OSV
added 2025/04/21 9:51 p.m.6 views

CLSA-2025-1745272309 ghostscript: Fix of 2 CVEs

CVE-2024-33869: fix path traversal and command execution vulnerability in base/gpmisc.c - CVE-2024-33870: fix path traversal vulnerability to prevent unauthorized access to arbitrary files by restricting access to permitted paths...

6.3CVSS6.8AI score0.00515EPSS
Exploits0References1
CVE
CVE
added 2025/04/03 1:27 p.m.45 views

CVE-2025-31554

Docxpresso (WordPress plugin) CVE-2025-31554: Path traversal allows arbitrary file download in Docxpresso versions up to 2.6. Root cause is improper pathname limitation. Exploitation status not detailed in provided docs; Patch status is Unpatched as of the Connected Wordfence listing. Affected: D...

5.9CVSS7.2AI score0.00448EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.10 views

PT-2025-6427 · WordPress · Aforms Eats

Name of the Vulnerable Software and Affected Versions: AForms Eats plugin for WordPress versions up to, and including, 1.3.1 Description: The issue is related to Full Path Disclosure, which occurs due to the /vendor/aura/payload-interface/phpunit.php file being publicly accessible and displaying...

5.3CVSS9.3AI score0.00385EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2025/01/27 8:54 a.m.11 views

CVE-2024-52012 Apache Solr: Configset upload on Windows allows arbitrary path write-access

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...

5.7AI score0.47207EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/27 8:54 a.m.19 views

CVE-2024-52012 Apache Solr: Configset upload on Windows allows arbitrary path write-access

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...

0.47207EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.4 views

Gradio 授权问题漏洞

Gradio, an open source Python library from Gradio Open Source, is a method for demonstrating machine learning models through a friendly web interface. An authorization issue vulnerability exists in Gradio versions prior to 5.6.0 that stems from a lack of normalization of the path validation logic...

8.7CVSS6.4AI score0.00836EPSS
Exploits1References2
OSV
OSV
added 2024/12/13 8:59 p.m.6 views

GO-2024-3293 Full access to the host's OS file system using osfs.FS with Router.Static in goyave.dev/goyave/v5

Static file serving using router.Static and osfs.FS allows clients to access any file on the host file system using relative paths because the requested path is not sanitized and . and .. segments are accepted. The files will be returned as a response, provided the system user running the Go...

6.9AI score
Exploits0References2
OSV
OSV
added 2024/12/13 1:18 p.m.4 views

OESA-2024-2546 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: Inconsistent...

5.3CVSS6.9AI score0.01043EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/03 12:0 a.m.5 views

SAMSUNG mobile 安全漏洞

SAMSUNG mobile is a cell phone from Samsung South Korea. A security vulnerability exists in SAMSUNG mobile prior to SMR-Dec-2024 Release 1, which originates from the use of an alternate path to bypass authentication and allow a physical attacker to temporarily access the recent applications list...

2.4CVSS6.5AI score0.0022EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/11/29 3:48 a.m.4 views

SUSE CVE-2024-53008

Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain sensitive...

6.5CVSS6.9AI score0.01043EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/05/10 4:19 p.m.14 views

CVE-2024-34245

An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtmljsaction.php...

6.6AI score0.00818EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/05/07 12:0 a.m.4 views

Logpoint 安全漏洞

Logpoint is a network security application from the Danish company Logpoint. A security vulnerability exists in Logpoint versions prior to 7.4.0 that stems from the ability to view the contents of a specified file in incoming logs when an arbitrary file path is used in the file system collector...

6.5CVSS6.6AI score0.00446EPSS
Exploits0References3
Rows per page
Query Builder