Lucene search
+L

13 matches found

RedHat Linux
RedHat Linux
added 2026/07/07 9:54 a.m.6 views

perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in send_file()

A flaw was found in HTTP::Daemon, a Perl module used for creating HTTP servers. A remote attacker can exploit this vulnerability by providing specially crafted input to the sendfile function, leading to OS command injection. This allows the attacker to execute arbitrary commands on the system wit...

9.1CVSS6.2AI score0.01452EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.7 views

SUSE SLED15 / SLES15 Security Update : perl-HTTP-Daemon (SUSE-SU-2026:2442-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2442-1 advisory. - CVE-2026-8450: Fixed OS command injection via sendfile bsc1266370. Tenable has extracted the preceding description...

9.1CVSS6AI score0.01452EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.7 views

SUSE SLES12 Security Update : perl-HTTP-Daemon (SUSE-SU-2026:2408-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2408-1 advisory. - CVE-2026-8450: Fixed OS command injection via sendfile bsc1266370. Tenable has extracted the preceding description block directly from the SUSE...

9.1CVSS6AI score0.01452EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.34 views

Linux Distros Unpatched Vulnerability : CVE-2026-8450

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form...

9.1CVSS6AI score0.01452EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:48 a.m.7 views

CVE-2022-31577

The longmaoteamtf/audioalignerapp repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7AI score0.01174EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-52979

Malicious code in bioql PyPI...

9.3CVSS9.2AI score0.01242EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:23 a.m.10 views

CVE-2022-31557

The seveas/golem repository through 2016-05-17 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7AI score0.01156EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:54 p.m.10 views

CVE-2022-31553

The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7AI score0.01242EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:53 p.m.8 views

CVE-2022-31562

The waveyan/internshipsystem repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7AI score0.01156EPSS
Exploits0References1
NVD
NVD
added 2022/07/11 1:15 a.m.13 views

CVE-2022-31550

The olmax99/pyathenastack repository through 2019-11-08 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS0.01242EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/07/11 1:15 a.m.2 views

CVE-2022-31539

The kotekan/kotekan repository through 2021.11 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS5.3AI score0.01242EPSS
Exploits1References2
OSV
OSV
added 2022/07/11 12:55 a.m.15 views

CVE-2022-31519

The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS6.9AI score0.01242EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/04/29 1:50 p.m.7 views

CVE-2022-24900 Absolute Path Traversal due to incorrect use of `send_file` call in Piano LED Visualizer

Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The os.path.join call is unsafe for use with untrusted input. When the os.path.join call encounters an absolute...

9.9CVSS9.7AI score0.0841EPSS
Exploits1References5
Rows per page
Query Builder