Lucene search
K

33 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:26 a.m.5 views

CVE-2024-49770

oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default oak does not allow transferring of hidden files with Context.send API. However, prior to version 17.1.3, this can be bypassed by encoding / as its URL encoded...

8.7CVSS6.9AI score0.00682EPSS
Exploits0References1
OSV
OSV
added 2025/05/12 7:15 p.m.4 views

UBUNTU-CVE-2024-4982

A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server...

7.6CVSS5.8AI score0.00697EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/05/12 7:1 p.m.18 views

CVE-2024-4982 Pagure: path traversal in view_issue_raw_file()

A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server...

7.6CVSS0.00697EPSS
Exploits1References4
CVE
CVE
added 2025/03/20 10:11 a.m.59 views

CVE-2024-8238

CVE-2024-8238 affects aimhubio/aim v3.22.0 where AimQL uses an outdated safer_getattr() from RestrictedPython, failing to block str.format_map() and allowing access to arbitrary Python attributes (e.g., os.environ) and potential unrestricted code execution if a malicious .dll/.so is loaded. Multi...

8.1CVSS7.4AI score0.00702EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2025/01/15 11:15 p.m.24 views

CVE-2024-57727

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing...

9.1CVSS0.95151EPSS
Exploits2References3
CVE
CVE
added 2025/01/15 12:0 a.m.310 views

CVE-2024-57727

CVE-2024-57727 affects SimpleHelp RMM

9.1CVSS7.5AI score0.95151EPSS
In wildExploits2References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/11/01 9:37 p.m.31 views

Path traversal in oak allows transfer of hidden files within the served root directory

Summary By default oak does not allow transferring of hidden files with Context.send API. However, this can be bypassed by encoding / as its URL encoded form %2F. Details 1. Oak uses decodeComponent which seems to be unexpected. This is also the reason why it is not possible to access a file that...

8.7CVSS6.8AI score0.00682EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/11/01 4:16 p.m.27 views

CVE-2024-49770 oak's path traversal allows transfer of hidden files within the served root directory

oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default oak does not allow transferring of hidden files with Context.send API. However, prior to version 17.1.3, this can be bypassed by encoding / as its URL encoded...

8.7CVSS6.6AI score0.00682EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/11/01 4:16 p.m.51 views

CVE-2024-49770 oak's path traversal allows transfer of hidden files within the served root directory

oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default oak does not allow transferring of hidden files with Context.send API. However, prior to version 17.1.3, this can be bypassed by encoding / as its URL encoded...

8.7CVSS0.00682EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/11/01 12:0 a.m.4 views

oak 安全漏洞

oak is a middleware framework from oak open source. A security vulnerability exists in oak versions prior to 17.1.3. An attacker exploiting the vulnerability can read sensitive user data or gain access to server secrets...

8.7CVSS6.4AI score0.00682EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/01 12:0 a.m.5 views

PT-2024-33679 · Oak · Oak

Name of the Vulnerable Software and Affected Versions: oak versions prior to 17.1.3 Description: The issue allows an attacker to bypass the default restriction on transferring hidden files using the Context.send API by encoding / as its URL encoded form %2F. This can potentially lead to reading...

8.7CVSS7.1AI score0.00682EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2024/05/17 2:56 a.m.2 views

SUSE CVE-2024-4982

A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server...

7.6CVSS7AI score0.00697EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.6 views

PT-2022-27007 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS formerly concrete5 versions below 8.5.10 Concrete CMS formerly concrete5 versions between 9.0.0 and 9.1.2 Description: The issue inadvertently discloses server-side sensitive information, including secrets in environment variable...

5.3CVSS7.2AI score0.00437EPSS
Exploits0References13
Rows per page
Query Builder