Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/06/18 7:54 p.m.17 views

CVE-2026-49248 OneDev: RCE through absolute-path symlink following allows low-privileged users to overwrite arbitrary server via TarUtils.untar

OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar creates symbolic links verbatim from TAR entry getLinkName without validating whether the target is an absolute path. A subsequent file entry in the same archive traverses the symlink, writing to...

8.3CVSS0.00382EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.7 views

TencentOS Server 4: rsync (TSSA-2025:0082)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0082 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.4CVSS8.2AI score0.01659EPSS
Exploits1References2
OSV
OSV
added 2025/03/20 10:10 a.m.3 views

CVE-2024-6829 Arbitrary File Overwrite through tarfile-extraction in aimhubio/aim

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...

9.1CVSS7.3AI score0.0081EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/05 1:47 p.m.7 views

CVE-2020-13355

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows attacker to overwrite certain specific paths on the server. Affected versions are: =8.14, =13.4, =13.5, 13.5.2...

8.1CVSS6.3AI score0.0166EPSS
Exploits0References5
NVD
NVD
added 2022/04/12 5:15 p.m.49 views

CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...

7.5CVSS0.01359EPSS
Exploits1References2
Prion
Prion
added 2020/11/19 12:15 a.m.22 views

Path traversal

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows attacker to overwrite certain specific paths on the server. Affected versions are: =8.14, =13.4, =13.5, 13.5.2...

5.5CVSS7.8AI score0.0166EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder