Lucene search
K

8 matches found

Nuclei
Nuclei
added yesterday38 views

W&B Weave Server - Remote Arbitrary File Leak

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin. id:...

8.8CVSS7.5AI score0.04974EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-2494

Malicious code in bioql PyPI...

6.5CVSS8.6AI score0.00859EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 7:26 a.m.6 views

CVE-2024-45188

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request...

6.5CVSS7AI score0.00881EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/06 3:47 a.m.11 views

CVE-2021-26639

This vulnerability is caused by the lack of validation of input values for specific functions if WISA Smart Wing CMS. Remote attackers can use this vulnerability to leak all files in the server without logging in system...

8.1CVSS6.8AI score0.00394EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/23 7:16 p.m.19 views

CVE-2024-45190 Mage AI pipeline interaction request remote arbitrary file leak

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request...

6.5CVSS0.00859EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/08/23 7:15 p.m.41 views

CVE-2024-45189 Mage AI git content request remote arbitrary file leak

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request...

6.5CVSS0.00881EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/31 3:0 p.m.291 views

CVE-2024-7340 W&B Weave server remote arbitrary file leak and privilege escalation

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...

8.8CVSS0.04974EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/31 3:0 p.m.19 views

CVE-2024-7340 W&B Weave server remote arbitrary file leak and privilege escalation

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...

8.8CVSS7AI score0.04974EPSS
Exploits0References2
Rows per page
Query Builder