Lucene search
+L

88 matches found

osv
osv
added 2026/03/05 9:6 p.m.10 views

CVE-2026-28492 File Browser: Path Traversal in Public Share Links Exposes Files Outside Shared Directory

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.0, when a user creates a public share link for a directory, the withHashFile middleware in http/public.go uses...

7.1CVSS5.7AI score0.00322EPSS
Exploits1References5
nessus
nessus
added 2026/02/28 12:0 a.m.6 views

FreeBSD : FreeBSD -- Jail chroot escape via fd exchange with a different jail (a88f5b2d-11e9-11f1-8148-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a88f5b2d-11e9-11f1-8148-bc241121aa0a advisory. If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the t...

7.5CVSS7.5AI score0.00111EPSS
Exploits0References2
cvelist
cvelist
added 2026/02/11 12:0 a.m.27 views

CVE-2024-50620

Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text editor, and upload executable files when uploading...

0.00289EPSS
Exploits0References2
githubexploit
githubexploit
added 2025/12/30 9:54 a.m.254 views

Exploit for Improper Access Control in Microsoft

CVE-2025-47962-POC Reproduction process: i686-w64-mingw32-gcc...

7.8CVSS7.1AI score0.01423EPSS
Exploits1
githubexploit
githubexploit
added 2025/12/02 9:55 a.m.353 views

Exploit for Code Injection in Samba

CVE-2017-7494 Remote root exploit for the SAMBA CVE-2017-7494...

10CVSS9AI score0.99448EPSS
Exploits24
snyk
snyk
added 2025/10/13 6:31 p.m.7 views

Insecure Temporary File

Overview llama-index-core is an Interface between LLMs and your data Affected versions of this package are vulnerable to Insecure Temporary File due to setting the NLTK data directory to a shared, world-writable subdirectory. An attacker can overwrite, delete, or corrupt data files by exploiting...

7.8CVSS6.9AI score0.00171EPSS
Exploits1References2
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-1999-1326

Malware in sbrugna...

4.6CVSS6.4AI score0.00315EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0464

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00231EPSS
Exploits0References4
cve
cve
added 2025/06/03 4:42 p.m.196 views

CVE-2025-30167

Jupyter Core on Windows (CVE-2025-30167) before 5.8.0 searches the shared %PROGRAMDATA% for configuration files (SYSTEM_CONFIG_PATH and SYSTEM_JUPYTER_PATH), which may let an attacker place files affecting other users. Affected: Jupyter Core components on Windows in multi-user, unprotected %PROGR...

7.3CVSS6.8AI score0.00154EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2025/06/03 12:0 a.m.5 views

Jupyter Core 代码问题漏洞

Jupyter Core is a Jupyter Core feature of Jupyter Open Source. A code issue vulnerability exists in Jupyter Core versions prior to 5.8.0 that stems from searching for configuration files in the shared %PROGRAMDATA% directory on Windows, which could lead to a user creating configuration files that...

7.3CVSS6.5AI score0.00154EPSS
Exploits0References2
redhatcve
redhatcve
added 2024/02/14 9:30 p.m.99 views

CVE-2024-24828

An incorrect default permissions vulnerability was found in pkg. This issue allows an attacker who has access to the /tmp/pkg/ on the local system to replace the genuine executables in the shared directory with malicious executables of the same name...

7.3CVSS7AI score0.00231EPSS
Exploits0References4
nvd
nvd
added 2024/02/09 11:15 p.m.51 views

CVE-2024-24828

pkg is tool design to bundle Node.js projects into an executables. Any native code packages built by pkg are written to a hardcoded directory. On unix systems, this is /tmp/pkg/ which is a shared directory for all users on the same local system. There is no uniqueness to the package names within...

7.8CVSS6.7AI score0.00231EPSS
Exploits0References2
prion
prion
added 2024/02/09 11:15 p.m.28 views

Hardcoded credentials

pkg is tool design to bundle Node.js projects into an executables. Any native code packages built by pkg are written to a hardcoded directory. On unix systems, this is /tmp/pkg/ which is a shared directory for all users on the same local system. There is no uniqueness to the package names within...

4.3CVSS7.2AI score0.00231EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2024/02/09 10:21 p.m.51 views

CVE-2024-24828 Local Privilege Escalation in execuatables bundled by pkg

pkg is tool design to bundle Node.js projects into an executables. Any native code packages built by pkg are written to a hardcoded directory. On unix systems, this is /tmp/pkg/ which is a shared directory for all users on the same local system. There is no uniqueness to the package names within...

6.6CVSS7.7AI score0.00231EPSS
Exploits0References2
osv
osv
added 2024/02/09 3:20 p.m.4 views

GHSA-22R3-9W55-CJ54 Pkg Local Privilege Escalation

Impact Any native code packages built by pkg are written to a hardcoded directory. On unix systems, this is /tmp/pkg/ which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory, they are predictable. An attacker who has...

6.6CVSS7AI score0.00231EPSS
Exploits0References4
cnnvd
cnnvd
added 2024/02/09 12:0 a.m.5 views

pkg security vulnerability

npm pkg is a library from npm that packages Node.js projects into executables. A security vulnerability exists in pkg 5.8.1 and earlier, which stems from the fact that any native code package pkg built writes to a hardcoded directory, and can be exploited by an attacker to replace a genuine...

7.8CVSS8.7AI score0.00231EPSS
Exploits0References4
cnnvd
cnnvd
added 2023/11/23 12:0 a.m.5 views

Apache Storm 安全漏洞

Apache Storm is the United States Apache Apache Foundation of a set of open source distributed real-time computing system developed using Clojure concurrent programming language. Apache Storm suffers from an information disclosure vulnerability that stems from a temporary directory shared among a...

5.5CVSS6.3AI score0.00346EPSS
Exploits0References3
github
github
added 2023/09/20 6:30 p.m.40 views

Jenkins temporary plugin file created with insecure permissions

Jenkins creates a temporary file when a plugin is deployed directly from a URL. Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates this temporary file in the system temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they m...

8.8CVSS7.1AI score0.00944EPSS
Exploits0References5Affected Software1
github
github
added 2023/09/20 6:30 p.m.51 views

Jenkins temporary uploaded file created with insecure permissions

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, uploaded files processed via the Stapler web framework and the Jenkins API MultipartFormDataParser create temporary files in the system temporary directory with the default permissions for newly created files. If these permissions are overly...

8.1CVSS6.6AI score0.008EPSS
Exploits0References4Affected Software1
osv
osv
added 2023/09/20 6:30 p.m.2 views

GHSA-55WP-3PQ4-W8P9 Jenkins temporary plugin file created with insecure permissions

Jenkins creates a temporary file when a plugin is deployed directly from a URL. Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates this temporary file in the system temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they m...

7CVSS7.2AI score0.00944EPSS
Exploits0References4
Rows per page
Query Builder