Lucene search
K

100 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:30 a.m.10 views

CVE-2023-29004

hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI 6.3.9.0 at the moment of writing this report. The vulnerability can be exploited via an HTTP request to /app/options.py and the...

6.5CVSS6.8AI score0.00902EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:44 a.m.7 views

CVE-2022-23654

Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly check the path acces...

8.1CVSS6.6AI score0.00712EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.4 views

Siemens SIMATIC Devices Race Condition (CVE-2024-50010)

In the Linux kernel, the following vulnerability has been resolved: exec: don't WARN for racy pathnoexec check Both imode and noexec checks wrapped in WARNON stem from an artifact of the previous implementation. They used to legitimately check for the condition, but that got moved up in two...

4.7CVSS6.1AI score0.00236EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/10/14 8:16 a.m.361 views

Exploit for CVE-2025-7441

CVE-2025-7441 StoryChief - 1.0.42 - Unauthenticated Arbitrary...

9.8CVSS7.7AI score0.37349EPSS
Exploits8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-5966

Malware in sbrugna...

6.5CVSS6.7AI score0.03086EPSS
Exploits1References9
OSV
OSV
added 2025/09/02 5:14 p.m.6 views

GHSA-CCC3-FVFX-MW3V MobSF Path Traversal in GET /download/<filename> using absolute filenames

Summary The GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the DWDDIR download directory from "neighboring" directories whose absolute paths begin with the same prefix as DWDDIR e.g., .../downloadsbak,...

5.3CVSS6.9AI score0.0073EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/08/31 4:27 p.m.4 views

CVE-2025-55202

Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases...

6.9CVSS6.8AI score0.00359EPSS
Exploits0References1
NVD
NVD
added 2025/08/25 3:15 p.m.4 views

CVE-2025-50900

An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle In the filter code, use CodecUtils.urlDecoderequest.getRequestURI to obtain the URL-decoded request path, and then determine whether...

9.8CVSS0.00648EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/08/25 12:0 a.m.2 views

CVE-2025-50900

An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle In the filter code, use CodecUtils.urlDecoderequest.getRequestURI to obtain the URL-decoded request path, and then determine whether...

7.5AI score0.00648EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2025/08/04 12:0 a.m.10 views

The vulnerability of the cloud integrated development environment (IDE) Atheos relates to an incorrect restriction on the path to the restricted access directory. This allows a perpetrator to execute arbitrary files on the server.

The vulnerability of the cloud integrated development environment IDE Atheos is related to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary files on the server remotely...

9CVSS5.8AI score0.00414EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/14 10:17 a.m.24 views

CVE-2023-27602

In Apache Linkis =1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions =1.3.1, we suggest turning on the file path check switch in linkis.properties...

9.8CVSS6.7AI score0.01996EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/04 12:0 a.m.8 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect remove path condition check in the pmdomain driver, which could cause the kernel to crash...

5.5CVSS6.5AI score0.00206EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/24 12:0 a.m.3 views

PT-2024-33671 · Unknown +3 · Openrefine +3

Name of the Vulnerable Software and Affected Versions: OpenRefine versions prior to 3.8.3 Description: The load-language command in OpenRefine expects a lang parameter to construct the path of the localization file to load, in the form translations-$LANG.json. However, in affected versions, it do...

9.8CVSS6.6AI score0.45473EPSS
Exploits8References45
CNNVD
CNNVD
added 2024/02/23 12:0 a.m.6 views

Backstage Security Vulnerabilities

Backstage is a software application. Backstage is an open platform for building developer portals. A security vulnerability exists in Backstage backend-common, which stems from insufficiently detailed path checking using "resolveSafeChildPath". The vulnerability can be exploited to access files a...

8.7CVSS6.7AI score0.00801EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/10/13 12:0 a.m.6 views

The vulnerability of the gettext() function in the distributed version control system Git for Windows allows a hacker to insert any messages they want.

The vulnerability of the gettext function in the distributed version control system Git for Windows is related to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious individual to deploy arbitrary messages...

3.3CVSS6.6AI score0.01055EPSS
Exploits0References11Affected Software12
OSV
OSV
added 2023/07/06 7:24 p.m.17 views

GHSA-X84R-JRQM-3HJ8 Apache Linkis Unrestricted File Upload vulnerability

In Apache Linkis =1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions =1.3.1, we suggest turning on the file path check switch in linkis.properties...

9.8CVSS9.4AI score0.01996EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/07/06 7:24 p.m.21 views

Apache Linkis Unrestricted File Upload vulnerability

In Apache Linkis =1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions =1.3.1, we suggest turning on the file path check switch in linkis.properties...

9.8CVSS6.8AI score0.01996EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2023/06/19 12:0 a.m.5 views

Jenkins Plugin Team Concert 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.1AI score0.00497EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/05/16 8:59 a.m.67 views

freerdp: missing path sanitation with `drive` channel

A directory traversal issue was discovered in FreeRDP. The vulnerability exists due to missing path canonicalization and base path check for the drive channel. A malicious server can trick a FreeRDP based client to read files outside of the shared directory. This issue allows an attacker to gain...

5.7CVSS5.8AI score0.00889EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/05/16 8:56 a.m.3 views

kernel: ASoC: DPCM: Don't pick up BE without substream

In the Linux kernel, the following vulnerability has been resolved: ASoC: DPCM: Don't pick up BE without substream When DPCM tries to add valid BE connections at dpcmaddpaths, it doesn't check whether the picked BE actually supports for the given stream direction. Due to that, when an asymmetric ...

5.5CVSS6.3AI score0.00157EPSS
Exploits0References5
Rows per page
Query Builder