53 matches found

Veracode
added 2026/06/11 5:38 a.m. | 9 views

Arbitrary File Write

open-webui/open-webui is vulnerable to an arbitrary file write. The vulnerability is due to improper handling of file paths in the downloadmodel endpoint on Windows, which allows an attacker to manipulate file paths and write files to arbitrary locations on the server...

CVSS 7.2 | AI score 6.7 | EPSS 0.01125
Exploits 1 | References 3 | Affected Software 1

CVE
added 2026/06/01 3:1 p.m. | 73 views

CVE-2026-8643

CVE-2026-8643 affects pip: a flaw in how entry-point names in wheel files are handled can cause path traversal and arbitrary file overwrite during wheel installation. Exploitation can overwrite files outside the installation directory. Reports from SUSE, AWS Amazon Linux advisories, and Red Hat r...

CVSS 8 | AI score 5.8 | EPSS 0.00275
Exploits 0 | References 29 | Affected Software 1

VulnCheck KEV
added 2026/05/22 12:0 a.m. | 20 views

VulnCheck KEV: CVE-2026-39365

Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized dependencies resolves file paths and calls readFile without restricting ../ segments in the URL. As a result, it is possible to bypass the...

CVSS 6.3 | AI score 5.8 | EPSS 0.00914
In wild | Exploits 1 | References 10

OSV
added 2026/03/26 5:48 p.m. | 2 views

SUSE-SU-2026:1091-1 Security update for kea

This update for kea fixes the following issues: Update to release 2.6.3 bsc1243240: - CVE-2025-32801: Fixed loading a malicious hook library can lead to local privilege escalation. - CVE-2025-32802: Fixed insecure handling of file paths allows multiple local attacks. - CVE-2025-32803: Fixed...

CVSS 7.8 | AI score 5.9 | EPSS 0.00235
Exploits 0 | References 5

CNNVD
added 2026/03/25 12:0 a.m. | 8 views

Apple iOS and Apple iPadOS Security Vulnerability

Apple iOS and Apple iPadOS are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Both Apple iOS and Apple iPadOS have security vulnerabilities that stem from path handling issues, which may...

CVSS 6.8 | AI score 5.8 | EPSS 0.00208
Exploits 0 | References 2

CNNVD
added 2026/03/06 12:0 a.m. | 7 views

Navtor NavBox Security Vulnerability

Navtor NavBox is a shipping information system device developed by the Norwegian company Navtor. It is used for electronic nautical chart management and synchronization of navigation data. There is a security vulnerability in Navtor NavBox. This vulnerability stems from the HTTP service not...

CVSS 7.5 | AI score 5.8 | EPSS 0.00451
Exploits 0 | References 2

Tenable Nessus
added 2026/03/04 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-37372

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtl...

CVSS 3.6 | AI score 7.1 | EPSS 0.00477
Exploits 0 | References 2

EUVD
added 2026/02/11 10:58 p.m. | 8 views

EUVD-2026-5921

A path handling issue was addressed with improved logic. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote user may be able to write arbitrary files...

CVSS 7.5 | AI score 5.7 | EPSS 0.00775
Exploits 1 | References 6

RedHat Linux
added 2025/12/22 11:31 a.m. | 2 views

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...

CVSS 6.5 | AI score 5.7 | EPSS 0.00489
Exploits 1 | References 8

RedHat Linux
added 2025/12/22 9:31 a.m. | 1 views

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...

CVSS 6.5 | AI score 5.7 | EPSS 0.00489
Exploits 1 | References 8

RedHat Linux
added 2025/12/22 1:35 a.m. | 2 views

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...

CVSS 6.5 | AI score 5.7 | EPSS 0.00489
Exploits 1 | References 8

NVD
added 2025/12/11 1:16 a.m. | 5 views

CVE-2025-67718

Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path handling which could allow an attacker to access protected API endpoints by sending a crafted request path. An unauthenticated or unauthorized...

CVSS 8.7 | EPSS 0.00287
Exploits 0 | References 2

OSV
added 2025/12/11 12:58 a.m. | 6 views

CVE-2025-67718 Formio improperly authorized permission elevation through specially crafted request path

Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path handling which could allow an attacker to access protected API endpoints by sending a crafted request path. An unauthenticated or unauthorized...

CVSS 8.7 | AI score 6.6 | EPSS 0.00287
Exploits 0 | References 4

Positive Technologies
added 2025/12/11 12:0 a.m. | 7 views

PT-2025-50565

Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path handling which could allow an attacker to access protected API endpoints by sending a crafted request path. An unauthenticated or unauthorized...

CVSS 8.7 | AI score 6.7 | EPSS 0.00287
Exploits 0 | References 3

GitHub Security Blog
added 2025/12/10 8:11 p.m. | 11 views

Formio improperly authorized permission elevation through specially crafted request path

Security Advisory: Unauthorized permission elevation through specially crafted request path Summary: A flaw in path handling could allow an attacker to access protected API endpoints by sending a crafted request path. This issue could result in unauthorized data disclosure under certain...

CVSS 8.7 | AI score 6.4 | EPSS 0.00287
Exploits 0 | References 5 | Affected Software 1

RedHat Linux
added 2025/12/09 8:3 a.m. | 5 views

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...

CVSS 6.5 | AI score 5.7 | EPSS 0.00489
Exploits 1 | References 8

OSV
added 2025/11/25 9:18 a.m. | 7 views

RLSA-2025:21485 Moderate: java-25-openjdk security update

The OpenJDK 25 packages provide the OpenJDK 25 Java Runtime Environment and the OpenJDK 25 Java Software Development Kit. Security Fixes: JDK: Enhance Path Factories CVE-2025-53066 JDK: Enhance Certificate Handling CVE-2025-53057 JDK: Enhance String Handling CVE-2025-61748 For more details about...

CVSS 5.9 | AI score 6.7 | EPSS 0.00633
Exploits 0 | References 4

RedHat Linux
added 2025/11/25 1:11 a.m. | 2 views

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...

CVSS 6.5 | AI score 5.7 | EPSS 0.00489
Exploits 1 | References 8

CNNVD
added 2025/09/15 12:0 a.m. | 2 views

Apple macOS Security Vulnerability

Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS that stems from improper handling of directory paths, which could cause an application to gain root privileges. The following...

CVSS 7.8 | AI score 6.4 | EPSS 0.00225
Exploits 0 | References 7

Tenable Nessus
added 2025/08/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-37706

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - enlightenmentsys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles...

CVSS 7.8 | AI score 7.1 | EPSS 0.05486
Exploits 15 | References 2