Lucene search
K

53 matches found

NVD
NVD
added 2025/11/10 1:15 a.m.9 views

CVE-2025-12923

A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been...

5.1CVSS0.00512EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/11/10 12:32 a.m.5 views

CVE-2025-12923 liweiyi ChestnutCMS download resourceDownload path traversal

A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been...

5.1CVSS6.5AI score0.00512EPSS
Exploits1References4
EUVD
EUVD
added 2025/11/10 12:32 a.m.6 views

EUVD-2025-38723

A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been...

5.1CVSS3.9AI score0.00512EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-0245

Malware in sbrugna...

9.3CVSS8.1AI score0.02104EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-0336

Malware in sbrugna...

9.3CVSS8.1AI score0.02038EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-0208

Malware in sbrugna...

9.3CVSS8.1AI score0.01682EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-12849

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.01139EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-29684

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.00369EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-26735

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports...

7.5CVSS7.3AI score0.00946EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:39 a.m.7 views

CVE-2023-26735

blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...

7.5CVSS7.3AI score0.00946EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:56 a.m.8 views

CVE-2023-25787

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Wbolt team WP资源下载管理 plugin = 1.3.9 versions...

5.9CVSS5.6AI score0.00369EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/06 12:0 a.m.6 views

Eva4 安全漏洞

Eva4 is GoldPanKit open source set based on SpringBoot 2.x, Shiro, MyBatis Plus and knife4j technologies such as rights management infrastructure project , can be used in conjunction with any eva system front-end to complete the development of the rights system . Eva4 v4.1.0 version of a security...

8.1CVSS6.8AI score0.00468EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/06 12:0 a.m.4 views

PT-2025-5875 · Unknown · Goldpankit Eva-Server

Name of the Vulnerable Software and Affected Versions: GoldPanKit eva-server version 4.1.0 Description: A vulnerability has been identified that affects the path parameter of the "/api/resource/local/download" endpoint. Manipulation of this path parameter can lead to arbitrary file download...

8.1CVSS7AI score0.00468EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/03/22 4:57 p.m.55 views

Denial of service while parsing a tar file due to lack of folders count validation

Description: During some analysis today on npm's node-tar package I came across the folder creation process, Basicly if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here a, b and c until it reaches the last folder to create foo.txt, In-thi...

6.5CVSS7AI score0.00929EPSS
Exploits1References5Affected Software2
NVD
NVD
added 2024/02/06 1:15 a.m.30 views

CVE-2023-6234

Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware...

9.8CVSS9.9AI score0.01383EPSS
Exploits0References4
Prion
Prion
added 2024/02/06 1:15 a.m.23 views

Buffer overflow

Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware...

7.5CVSS8.4AI score0.01383EPSS
Exploits0References4Affected Software29
Prion
Prion
added 2024/02/06 1:15 a.m.18 views

Buffer overflow

Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07...

7.5CVSS8.4AI score0.01383EPSS
Exploits0References4Affected Software29
Cvelist
Cvelist
added 2024/02/06 12:23 a.m.34 views

CVE-2023-6234

Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware...

9.8CVSS10AI score0.01383EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/01/25 12:0 a.m.5 views

LinkWeChat Security Breach

LinkWeChat is an open source SCRM system based on enterprise WeChat. A security vulnerability exists in LinkWeChat version 5.1.0, which stems from the parameter name in the file /linkwechat-api/common/download/resource that causes path traversal...

7.5CVSS6.8AI score0.0081EPSS
Exploits1References4
Citrix
Citrix
added 2023/07/17 12:0 a.m.9 views

User unable to open ICA file - No Error Reported

When end users access their Storefront and click on the desired published resource, the ICA file is downloaded as per customer configuration but nothing happens when the ICA file is double-clicked...

7.1AI score
Exploits0
Rows per page
Query Builder