206 matches found
GHSA-HMMH-292H-3364 Weaviate OSS has path traversal vulnerability via the Shard Movement API
An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...
CVE-2025-67819
An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via insufficient validation of the fileName field in the transfer logic. An attacker can access arbitrary files accessible to the service process by invoking the GetFile method when a shard is in the "Pause file...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via insufficient validation of the fileName field in the transfer logic. An attacker can access arbitrary files accessible to the service process by invoking the GetFile method when a shard is in the "Pause file...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via insufficient validation of the fileName field in the transfer logic. An attacker can access arbitrary files accessible to the service process by invoking the GetFile method when a shard is in the "Pause file...
CVE-2025-64992
A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior V25. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remo...
PT-2025-50958
Name of the Vulnerable Software and Affected Versions Weaviate OSS versions prior to 1.33.4 Description A flaw exists in Weaviate OSS that allows an attacker to read arbitrary files accessible to the service process. This occurs because of insufficient validation of the fileName field during file...
CVE-2025-67819
CVE-2025-67819 affects Weaviate OSS up to version 1.33.4. The issue is caused by lack of validation of the fileName field in the transfer logic, enabling an attacker who can invoke the GetFile method while a shard is in the “Pause file activity” state and the FileReplicationService is reachable t...
CVE-2025-64992
A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior V25. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remo...
CVE-2025-64992
CVE-2025-64992 describes a command injection in TeamViewer DEX (formerly 1E DEX), specifically in the 1E-Nomad-PauseNomadJobQueue instruction before version V25. The root cause is improper input validation that allows authenticated attackers with Actioner privileges to inject arbitrary commands, ...
EUVD-2025-202672
A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior V25. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remo...
CVE-2025-64992 Command Injection in 1E-Nomad-PauseNomadJobQueue Instruction
A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior V25. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remo...
CVE-2025-64992
A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior V25. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remo...
CVE-2025-65033 Rallly Broken Authorization: Any User Can Pause or Resume Any Poll via Poll ID Manipulation
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the poll management feature allows any authenticated user to pause or resume any poll, regardless of ownership. The system only uses the public pollId to identify polls, and it does not...
PT-2025-47510
Name of the Vulnerable Software and Affected Versions Rallly versions prior to 4.5.4 Description An authorization flaw exists in the poll management feature of Rallly. The system identifies polls using the pollId without verifying user ownership. This allows any authenticated user to pause or...
DataX-Web 访问控制错误漏洞
DataX-Web is a distributed data synchronization tool developed on top of DataX by WeiYe's personal developer. An access control error vulnerability exists in DataX-Web 2.1.2 and earlier versions, which stems from incorrect operation of the function remove/update/pause/start/triggerJob in the...
EUVD-2015-1143
Malware in sbrugna...
EUVD-2020-30614
Malware in sbrugna...
EUVD-2015-4228
Malware in sbrugna...
EUVD-2018-0878
Malware in sbrugna...