100 matches found
CVE-2023-29004
hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI 6.3.9.0 at the moment of writing this report. The vulnerability can be exploited via an HTTP request to /app/options.py and the...
CVE-2022-23654
Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly check the path acces...
Siemens SIMATIC Devices Race Condition (CVE-2024-50010)
In the Linux kernel, the following vulnerability has been resolved: exec: don't WARN for racy pathnoexec check Both imode and noexec checks wrapped in WARNON stem from an artifact of the previous implementation. They used to legitimately check for the condition, but that got moved up in two...
Exploit for CVE-2025-7441
CVE-2025-7441 StoryChief - 1.0.42 - Unauthenticated Arbitrary...
EUVD-2018-5966
Malware in sbrugna...
GHSA-CCC3-FVFX-MW3V MobSF Path Traversal in GET /download/<filename> using absolute filenames
Summary The GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the DWDDIR download directory from "neighboring" directories whose absolute paths begin with the same prefix as DWDDIR e.g., .../downloadsbak,...
CVE-2025-55202
Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases...
CVE-2025-50900
An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle In the filter code, use CodecUtils.urlDecoderequest.getRequestURI to obtain the URL-decoded request path, and then determine whether...
CVE-2025-50900
An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle In the filter code, use CodecUtils.urlDecoderequest.getRequestURI to obtain the URL-decoded request path, and then determine whether...
The vulnerability of the cloud integrated development environment (IDE) Atheos relates to an incorrect restriction on the path to the restricted access directory. This allows a perpetrator to execute arbitrary files on the server.
The vulnerability of the cloud integrated development environment IDE Atheos is related to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary files on the server remotely...
CVE-2023-27602
In Apache Linkis =1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions =1.3.1, we suggest turning on the file path check switch in linkis.properties...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect remove path condition check in the pmdomain driver, which could cause the kernel to crash...
PT-2024-33671 · Unknown +3 · Openrefine +3
Name of the Vulnerable Software and Affected Versions: OpenRefine versions prior to 3.8.3 Description: The load-language command in OpenRefine expects a lang parameter to construct the path of the localization file to load, in the form translations-$LANG.json. However, in affected versions, it do...
Backstage Security Vulnerabilities
Backstage is a software application. Backstage is an open platform for building developer portals. A security vulnerability exists in Backstage backend-common, which stems from insufficiently detailed path checking using "resolveSafeChildPath". The vulnerability can be exploited to access files a...
The vulnerability of the gettext() function in the distributed version control system Git for Windows allows a hacker to insert any messages they want.
The vulnerability of the gettext function in the distributed version control system Git for Windows is related to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious individual to deploy arbitrary messages...
GHSA-X84R-JRQM-3HJ8 Apache Linkis Unrestricted File Upload vulnerability
In Apache Linkis =1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions =1.3.1, we suggest turning on the file path check switch in linkis.properties...
Apache Linkis Unrestricted File Upload vulnerability
In Apache Linkis =1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions =1.3.1, we suggest turning on the file path check switch in linkis.properties...
Jenkins Plugin Team Concert 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
freerdp: missing path sanitation with `drive` channel
A directory traversal issue was discovered in FreeRDP. The vulnerability exists due to missing path canonicalization and base path check for the drive channel. A malicious server can trick a FreeRDP based client to read files outside of the shared directory. This issue allows an attacker to gain...
kernel: ASoC: DPCM: Don't pick up BE without substream
In the Linux kernel, the following vulnerability has been resolved: ASoC: DPCM: Don't pick up BE without substream When DPCM tries to add valid BE connections at dpcmaddpaths, it doesn't check whether the picked BE actually supports for the given stream direction. Due to that, when an asymmetric ...