13 matches found

OSV
added 2026/05/07 9:45 p.m. | 4 views

GHSA-J7H9-2JH7-G967 mcp-ssh-tool has file transfer path policy bypass and bearer token comparison hardening

Summary mcp-ssh-tool has released version 2.1.1 with security hardening for transfer path authorization and HTTP bearer authentication. The release addresses: - insufficient local path policy enforcement in transfer-related filesystem handling - incomplete canonicalization and segment-boundary...

CVSS 8.7 | AI score 5.8
Exploits 0 | References 2
GitHub Security Blog
added 2026/05/07 9:45 p.m. | 8 views

mcp-ssh-tool has file transfer path policy bypass and bearer token comparison hardening

Summary mcp-ssh-tool has released version 2.1.1 with security hardening for transfer path authorization and HTTP bearer authentication. The release addresses: - insufficient local path policy enforcement in transfer-related filesystem handling - incomplete canonicalization and segment-boundary...

AI score 5.8
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2026/02/26 5:32 p.m. | 25 views

CVE-2026-23749 Golioth Firmware SDK < 0.22.0 Blockwise Transfer Path Out-of-Bounds Read

Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwisetransferinit accepts a path whose length equals CONFIGGOLIOTHCOAPMAXPATHLEN and copies it using strncpy without...

CVSS 2.9 | EPSS 0.00165
Exploits 0 | References 5
Vulnrichment
added 2026/02/26 5:32 p.m. | 6 views

CVE-2026-23749 Golioth Firmware SDK < 0.22.0 Blockwise Transfer Path Out-of-Bounds Read

Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwisetransferinit accepts a path whose length equals CONFIGGOLIOTHCOAPMAXPATHLEN and copies it using strncpy without...

CVSS 2.9 | AI score 6 | EPSS 0.00165
Exploits 0 | References 5
RedhatCVE
added 2025/09/27 12:49 a.m. | 11 views

CVE-2025-10988

A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor w...

CVSS 6.5 | AI score 6.5 | EPSS 0.00296
Exploits 0 | References 1
CVE
added 2025/09/26 12:32 a.m. | 13 views

CVE-2025-10988

The connected PT-2025-39467 entry confirms a vulnerability in YunaiV ruoyi-vue-pro up to version 2025.09 affecting an unspecified portion of /crm/business/transfer and causing improper authorization. It can be exploited remotely, and an exploit is publicly available. The vendor has been notified ...

CVSS 8.8 | AI score 6.3 | EPSS 0.00296
Exploits 0 | References 4 | Affected Software 1
RedhatCVE
added 2025/09/14 2:27 a.m. | 21 views

CVE-2025-10276

A security vulnerability has been detected in YunaiV ruoyi-vue-pro up to 2025.09. This vulnerability affects unknown code of the file /crm/contract/transfer. The manipulation of the argument id/newOwnerUserId leads to improper authorization. Remote exploitation of the attack is possible. The...

CVSS 6.5 | AI score 6.5 | EPSS 0.00296
Exploits 0 | References 1
Vulnrichment
added 2025/09/12 1:2 a.m. | 2 views

CVE-2025-10275 YunaiV yudao-cloud transfer improper authorization

A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The attack may be launched remotely. The exploit has been made availab...

CVSS 6.5 | AI score 6.2 | EPSS 0.00296
Exploits 0 | References 4
RedhatCVE
added 2025/08/17 8:29 a.m. | 13 views

CVE-2025-9021

A vulnerability was determined in SourceCodester Online Bank Management System up to 1.0. This vulnerability affects unknown code of the file /bank/transfer.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely...

CVSS 9.8 | AI score 7.8 | EPSS 0.00463
Exploits 0 | References 1
NVD
added 2025/08/15 8:15 a.m. | 9 views

CVE-2025-9021

A vulnerability was determined in SourceCodester Online Bank Management System up to 1.0. This vulnerability affects unknown code of the file /bank/transfer.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely...

CVSS 9.8 | EPSS 0.00463
Exploits 0 | References 4
OSV
added 2023/04/24 3:3 p.m. | 5 views

CLSA-2023-1682348615 curl: Fix of CVE-2023-27534

CVE-2023-27534: fix SFTP path '~' resolving discrepancy - fix read off end of array for SCP home directory case...

CVSS 8.8 | AI score 6.8 | EPSS 0.02195
Exploits 1 | References 1
Positive Technologies
added 2021/05/26 12:0 a.m. | 6 views

PT-2021-8690 · Red Hat · Redhat-Certification

Name of the Vulnerable Software and Affected Versions: redhat-certification version 7 Description: The issue is related to improper configuration, which allows listing of all files and directories in the /var/www/rhcert/store/transfer directory through the "/rhcert-transfer" API endpoint. This...

CVSS 7.5 | AI score 6 | EPSS 0.01063
Exploits 0 | References 3
OSV
added 2018/03/15 12:2 p.m. | 3 views

USN-3598-1 curl vulnerabilities

Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2018-1000120 Dario Weisser discovered that curl incorrectly handled certain LDAP URLs. An attacker could possibly use this issue t...

CVSS 9.8 | AI score 6.7 | EPSS 0.12058
Exploits 0 | References 4