Lucene search
K

180 matches found

OSV
OSV
added 2025/04/30 10:15 p.m.3 views

CVE-2024-30146

Improper access control of endpoint in HCL Domino Leap allows certain admin users to import applications from the server's filesystem...

2.7CVSS5.8AI score0.00168EPSS
Exploits0References1
CVE
CVE
added 2025/04/30 9:16 p.m.55 views

CVE-2024-30146

The CVE-2024-30146 entry concerns HCL Domino Leap. Affected component: the endpoint handling import of applications. Root cause: improper access control allowing certain admin users to import applications from the server’s filesystem. Impact as described: potential unauthorized filesystem access ...

4.1CVSS4.6AI score0.00168EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/04/24 4:15 p.m.3 views

CVE-2024-30148

Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem...

4.1CVSS5.8AI score0.00224EPSS
Exploits0References1
Veracode
Veracode
added 2025/03/17 4:54 a.m.8 views

Path Traversal

Mock API configuration is vulnerable to Path Traversal. The vulnerability is due to improper handling of user input in templating features, which allows attackers to manipulate file paths and access arbitrary files on the mock server filesystem...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 5:18 a.m.12 views

CVE-2024-1560

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...

8.1CVSS8AI score0.0329EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/02/04 12:0 a.m.6 views

Apache Doris 安全漏洞

Apache Doris is a modern MPP analytic database product of the U.S. Apache Apache Foundation. Can provide sub-second queries and efficient real-time data analysis. Apache Doris suffers from a path traversal vulnerability that stems from the program's failure to properly filter special elements in...

5.4CVSS6.7AI score0.00993EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/04 12:0 a.m.5 views

PT-2025-2787 · Apache · Apache Doris

Name of the Vulnerable Software and Affected Versions: Apache Doris versions prior to 2.1.8 Apache Doris versions prior to 3.0.3 Description: The issue allows application administrators to read arbitrary files from the server filesystem through path traversal, which is a type of vulnerability kno...

5.4CVSS7.2AI score0.00993EPSS
Exploits0References7
OSV
OSV
added 2025/02/01 4:15 a.m.4 views

CVE-2024-51534

Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial o...

7.1CVSS5.8AI score0.00182EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/12/02 4:6 p.m.5 views

org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks

A flaw was found in the Spring Framework. Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. This flaw allows an attacker to craft malicious HTTP requests and obtain any file on the file system that is also...

7.5CVSS7.1AI score0.54862EPSS
Exploits6References4
NVD
NVD
added 2024/11/08 9:15 a.m.18 views

CVE-2024-50588

An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. The data in the database includes patient data and login credentials among other sensitive data. In addition, this enabl...

9.8CVSS0.00676EPSS
Exploits0References3
OSV
OSV
added 2024/08/12 2:50 p.m.24 views

CVE-2024-38530 Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php"

The Open eClass platform formerly known as GUnet eClass is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RC...

9.8CVSS7.1AI score0.00776EPSS
Exploits1References4
CVE
CVE
added 2024/08/07 11:4 p.m.95 views

CVE-2024-6707

Open WebUI suffers a path traversal and arbitrarily uploaded file vulnerability in version 0.1.105. The flaw arises when uploading files through the HTTP interface (via the + sign in the message input) to a static UPLOAD_DIR; the filename is taken from the request without validation, enabling tra...

8.8CVSS6.7AI score0.01003EPSS
Exploits3References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/07 11:4 p.m.37 views

CVE-2024-6707 Open WebUI Arbitrary File Upload + Path Traversal

Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability...

7AI score0.01003EPSS
Exploits3References1
RedHat Linux
RedHat Linux
added 2024/06/05 2:47 p.m.4 views

jenkins-2-plugins: git-server plugin arbitrary file read vulnerability

A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server's file system...

6.5CVSS5.8AI score0.01262EPSS
Exploits0References6
NVD
NVD
added 2024/05/08 4:15 p.m.25 views

CVE-2024-24908

Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to deletion of arbitrary files stored on the server filesystem...

6.5CVSS6.5AI score0.00627EPSS
Exploits0References1
CVE
CVE
added 2024/05/08 3:48 p.m.60 views

CVE-2024-24908

Dell PowerProtect DM5500 (versions 5.15.0.0 and earlier) is affected by CVE-2024-24908 through a directory/path traversal that can allow a remote attacker with high privileges to delete arbitrary files on the server filesystem. Affected component: file system handling within the DM5500 appliance....

6.5CVSS6.8AI score0.00627EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/05/08 3:48 p.m.24 views

CVE-2024-24908

Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to deletion of arbitrary files stored on the server filesystem...

6.5CVSS6.7AI score0.00627EPSS
Exploits0References1
OSV
OSV
added 2024/04/24 8:15 a.m.5 views

CVE-2024-28976

Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the...

7.8CVSS5.8AI score0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/24 8:8 a.m.22 views

CVE-2024-28977

Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in logger module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem with the privileges of th...

3.3CVSS4.2AI score0.00227EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/24 8:1 a.m.13 views

CVE-2024-28976

Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the...

8.8CVSS6.6AI score0.00245EPSS
Exploits0References1
Rows per page
Query Builder