81 matches found
CPython Security Vulnerability
CPython is a Python interpreter implemented in the C language by the Python Foundation. CPython has security vulnerabilities, which stem from unvalidated resource parameters, potentially leading to path traversal attacks...
Erlang/OTP Security Vulnerability
Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by the built-in APIs of node.js. Erlang/OTP has a security vulnerability, which stems from issues with relative path traversal and improper isolation in the tftpfile module. These...
EUVD-2021-0987
Malware in sbrugna...
EUVD-2021-30293
Malicious code in bioql PyPI...
EUVD-2022-26205
Malicious code in bioql PyPI...
EUVD-2022-1156
Malicious code in bioql PyPI...
EUVD-2024-15868
Malicious code in bioql PyPI...
EUVD-2023-49978
Malicious code in bioql PyPI...
EUVD-2022-26026
Malicious code in bioql PyPI...
EUVD-2022-26061
Malicious code in bioql PyPI...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-webflux-5.3.27.jar
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-webflux-5.3.27.jar. Vulnerability Details: CVEID: CVE-2024-38816. DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2024-38816, CVE-2024-38808, CVE-2024-35952)
Summary: IBM Security Guardium has addressed these vulnerabilities in an update. Vulnerability Details: CVEID: CVE-2024-38816. DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can cra...
CVE-2021-43930
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system...
CVE-2021-24035
A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files...
PT-2025-20010 · Hackage · Spacecookie
Broken Path Sanitization in spacecookie Library. The spacecookie library exposes the functions sanitizePath and sanitizeIfNotUrl, intended to remove .. components from paths, which can be used to prevent path traversal attacks. Due to erroneous comparison code, this elimination is not actually...
CVE-2024-7776 Arbitrary File Overwrite in onnx/onnx
A vulnerability in the downloadmodel function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files i...
Linux Distros Unpatched Vulnerability : CVE-2024-38816
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can...
Linux Distros Unpatched Vulnerability : CVE-2024-38819
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can...
CVE-2024-56509
changedetection.io is a free, open-source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is...
CVE-2024-6394
A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the servejs function in app.py, which allows attackers to perform path traversal attacks. This can lead to unauthorized access to arbitrary files ...