Lucene search

13 matches found

RedhatCVE
added 2026/01/07 9:8 a.m., 6 views

CVE-2024-2602

CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor...

7.8 CVSS | 7.6 AI score | 0.00281 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2017-7875

Malware in sbrugna...

6.5 CVSS | 6.6 AI score | 0.01254 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2021-8026

Malicious code in bioql PyPI...

7.5 CVSS | 7.6 AI score | 0.02711 EPSS
Exploits: 0 | References: 3

Snyk
added 2025/08/01 4:41 p.m., 7 views

Deserialization of Untrusted Data

Overview: ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the loadmodelmeta function. An attacker can execute arbitrary code by supplying a maliciously crafted serialized .mdl file th...

9.8 CVSS | 7.8 AI score | 0.01176 EPSS
Exploits: 1 | References: 2

Packet Storm
added 2025/03/06 12:0 a.m., 263 views

ABB Cylon Aspect 3.08.01 caldavUpload.php Funkalicious Exploit

Yo, check it - the ABB BMS/BAS system's got a slick little weakness in them caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files. All you gotta do is drop that skipChecksum beat in the POST vibe, and bam, the system skips all that MD5 checksum nonsense, no EXPERTMODE needed to...

7.2 AI score
Exploits: 0

GitLab Advisory Database
added 2024/12/06 12:0 a.m., 5 views

shared_preferences_android vulnerability

Due to some data types not being natively representable for the available storage options, shared_preferences_android serializes and deserializes special string prefixes to store these unrepresentable data types. This allows arbitrary classes to be deserialized leading to arbitrary code execution. ...

6.1 AI score
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2024/11/13 2:12 p.m., 18 views

GHSA-JRH5-VHR9-QH7Q Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution

Summary: A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme e.g., file://file:////. This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads,...

8.7 CVSS | 8.3 AI score | 0.01138 EPSS
Exploits: 1 | References: 3

OSV
added 2024/02/22 2:8 p.m., 2 views

SUSE-SU-2024:0592-1 Security update for php-composer2

This update for php-composer2 fixes the following issues: - CVE-2024-24821: Fixed potential arbitrary code execution when Composer is invoked within a directory with tampered files bsc1219757...

8.8 CVSS | 9 AI score | 0.00273 EPSS
Exploits: 0 | References: 3

SUSE CVE
added 2024/02/11 3:54 a.m., 2 views

SUSE CVE-2024-24821

Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local...

7.8 CVSS | 7.8 AI score | 0.00273 EPSS
Exploits: 0 | References: 5

OSV
added 2024/02/09 12:15 a.m., 1 views

UBUNTU-CVE-2024-24821

Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local...

8.8 CVSS | 7.7 AI score | 0.00273 EPSS
Exploits: 0 | References: 5

Vulnrichment
added 2024/02/08 11:54 p.m., 2 views

CVE-2024-24821 Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php in Composer

Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local...

8.8 CVSS | 8.1 AI score | 0.00273 EPSS
Exploits: 0 | References: 2

PyPA
added 2021/11/05 9:15 p.m., 5 views

PYSEC-2021-613

TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure ...

7.8 CVSS | 6.9 AI score | 0.00183 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2017/12/12 2:0 p.m., 22 views

CVE-2017-16691

SAP Note Assistant tool SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52 supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible...

6.5 AI score | 0.01254 EPSS
Exploits: 0 | References: 3