Lucene search
K

10 matches found

EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2025-210343

Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters with ../ sequences to overwrite critical files like...

10CVSS6.7AI score0.00613EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/11 4:30 p.m.1 views

CVE-2026-1471

Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO UserInfo endpoint. We...

2.1CVSS5.8AI score0.00244EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2026/02/17 10:55 a.m.7 views

Improper Sandbox Protection

@anthropic-ai/claude-code is vulnerable to improper sandbox protection. The vulnerability is due to the sandbox failing to protect the .claude/settings.json file when it was absent at startup, which allows an attacker to create the file inside the sandbox and inject persistent hooks that execute...

10CVSS5.6AI score0.00416EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 9:22 p.m.16 views

qdrant has arbitrary file write via `/logger` endpoint

Summary It is possible to append to arbitrary files via /logger endpoint. Minimal privileges are required read-only access. Tested on Qdrant 1.15.5 Details POST /logger Source code link endpoint accepts an attacker-controlled ondisk.logfile path. There are no authorization checks but authenticati...

8.8CVSS6.2AI score0.0049EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/15 3:52 p.m.2 views

CVE-2021-47761

MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer restar...

8.5CVSS5.6AI score0.00095EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/01/15 3:52 p.m.22 views

CVE-2021-47761 MilleGPG5 5.7.2 Luglio 2021 (x64) - Local Privilege Escalation

MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer restar...

8.5CVSS0.00095EPSS
Exploits0References2
NVD
NVD
added 2025/10/03 4:16 p.m.6 views

CVE-2025-60787

MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as imagefilename. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted...

7.2CVSS0.2442EPSS
Exploits16References2
ATTACKERKB
ATTACKERKB
added 2023/05/31 8:15 p.m.8 views

CVE-2023-34257

An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified and, by default, authentication is not required. Some configuration fields related to SNMP e.g., masterAgentName or masterAgentStartLine result in code execution when the agent is restarted...

9.8CVSS6.2AI score0.01036EPSS
Exploits1References2
OSV
OSV
added 2021/10/26 2:15 p.m.3 views

CVE-2021-37364

OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would...

7.8CVSS5.9AI score0.01276EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/01/13 12:0 a.m.4 views

PT-2021-14648 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier, LTS versions 2.263.1 and earlier Description: The issue allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global config.xml file. If the global config.xml...

8CVSS7.4AI score0.02219EPSS
Exploits0References10
Rows per page
Query Builder