37 matches found

Positive Technologies · added 2025/06/25 12:00 a.m. · 6 views

PT-2025-26822 · WordPress · Everest Forms

Name of the Vulnerable Software and Affected Versions: The Everest Forms Pro plugin for WordPress versions up to, and including, 1.9.4
Description: The issue is related to insufficient file path validation in the delete entry files function, allowing unauthenticated attackers to delete arbitrary...

CVSS 7.5 · AI score 7.5 · EPSS 0.0058
Exploits: 0 · References: 10
Positive Technologies · added 2025/06/23 12:00 a.m. · 5 views

PT-2025-26619 · Unknown · Servicestack

Name of the Vulnerable Software and Affected Versions: ServiceStack, affected versions not specified
Description: This issue allows remote attackers to execute arbitrary code on affected installations of ServiceStack. The specific flaw exists within the implementation of the FindType method, which...

CVSS 8.1 · AI score 8.2 · EPSS 0.01128
Exploits: 0 · References: 6
Zero Day Initiative · added 2025/06/23 12:00 a.m. · 5 views

ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability, but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation o...

CVSS 8.1 · AI score 7.5 · EPSS 0.01128
Exploits: 0 · References: 1
RedhatCVE · added 2025/05/23 8:17 a.m. · 8 views

CVE-2024-10672

The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with...

CVSS 2.7 · AI score 6.7 · EPSS 0.00484
Exploits: 0 · References: 1
RedhatCVE · added 2025/05/22 9:04 p.m. · 7 views

CVE-2021-24639

The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server...

CVSS 8.1 · AI score 6.8 · EPSS 0.00883
Exploits: 2 · References: 1
RedhatCVE · added 2025/05/22 7:40 p.m. · 3 views

CVE-2021-30738

A malicious application may be able to overwrite arbitrary files. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Mojave. An issue with path validation logic for hardlinks was addressed with improved path sanitization...

CVSS 5.5 · AI score 6.1 · EPSS 0.00305
Exploits: 0 · References: 1
RedhatCVE · added 2025/05/22 4:56 p.m. · 5 views

CVE-2020-9900

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A local attacker may be able to elevate their privileges...

CVSS 7.8 · AI score 5.4 · EPSS 0.00384
Exploits: 0 · References: 1
RedhatCVE · added 2025/05/22 5:35 a.m. · 7 views

CVE-2012-6099

The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration...

CVSS 4 · AI score 6.5 · EPSS 0.01118
Exploits: 0 · References: 1
NVD · added 2025/04/25 3:15 p.m. · 24 views

CVE-2025-46433

In JetBrains TeamCity before 2025.03.1, improper path validation in the loggingPreset parameter was possible...

CVSS 9.8 · EPSS 0.00446
Exploits: 0 · References: 1
Zero Day Initiative · added 2025/04/24 12:00 a.m. · 19 views

Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the isZipEntryValide method. The issue results from the lack of proper...

CVSS 7.2 · AI score 7.5 · EPSS 0.0156
Exploits: 0 · References: 1
Huntr · added 2025/03/12 11:27 p.m. · 7 views

Path Traversal via Symbolic Links in `ObsidianReader`

Description: The ObsidianReader class, designed to parse Obsidian vaults, contains a critical security flaw that allows arbitrary file read through symbolic links (symlinks). When processing a vault, the reader does not resolve or validate the absolute paths of files, enabling an attacker to place a...

CVSS 7.5 · AI score 6.9 · EPSS 0.00555
Exploits: 1
Veracode · added 2025/01/27 10:25 a.m. · 8 views

Relative Path Traversal

github.com/hashicorp/go-slug is vulnerable to Relative Path Traversal. The vulnerability is due to improper path validation when extracting user-provided paths from tar entries, allowing for directory traversal and potential overwriting of arbitrary files...

CVSS 9.1 · AI score 6.8 · EPSS 0.00667
Exploits: 0 · References: 4 · Affected Software: 1
Zero Day Initiative · added 2024/07/18 12:00 a.m. · 7 views

SolarWinds Access Rights Manager CreateFile Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CreateFile method. The issue results from the lack of proper...

CVSS 10 · AI score 7.3 · EPSS 0.01344
Exploits: 0 · References: 1
OpenVAS · added 2024/03/14 12:00 a.m. · 22 views

Mageia: Security Advisory (MGASA-2024-0056)

The remote host is missing an update for the ... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...

CVSS 7.5 · AI score 7 · EPSS 0.014
Exploits: 0 · References: 5
Positive Technologies · added 2024/02/04 12:00 a.m. · 4 views

PT-2024-11055 · Meinberg · Meinberg Lantime-Firmware +1

Name of the Vulnerable Software and Affected Versions: Meinberg LANTIME-Firmware versions 6.24.029 and earlier; Meinberg LANTIME-Firmware versions 7.04.008 and earlier
Description: An issue was discovered in the LTOS-Web-Interface where path validation is mishandled. This allows an admin to read o...

CVSS 7.2 · AI score 6.9 · EPSS 0.00664
Exploits: 0 · References: 5
Oracle linux · added 2023/10/31 12:00 a.m. · 44 views

java-17-openjdk security and bug fix update

1:17.0.9.0.9-2.0.1
- Update to jdk-17.0.9+9 GA
- Update release notes to 17.0.9+9
- OpenJDK: memory corruption issue on x86_64 with AVX-512 (JDK-8317121, CVE-2023-22025)
- OpenJDK: certificate path validation issue during client authentication (JDK-8309966, CVE-2023-22081)
- OpenJDK: Additional zip64...

CVSS 5 · AI score 5.9 · EPSS 0.014
Exploits: 0
OSV · added 2022/04/26 11:57 a.m. · 1 views

USN-5388-2 openjdk-17 vulnerabilities

It was discovered that OpenJDK incorrectly verified ECDSA signatures. An attacker could use this issue to bypass the signature verification process. (CVE-2022-21449)
It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could...

CVSS 7.5 · AI score 6.3 · EPSS 0.46677
Exploits: 6 · References: 7