Lucene search
K

11 matches found

NVD
NVD
added 2026/06/22 2:17 p.m.9 views

CVE-2026-56446

MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Because log entries can include attacker-controlled content, an authenticated attacker with site administrator privileges could direct log output to a PHP file in a...

8.7CVSS0.00383EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 5:2 p.m.2 views

SUSE-SU-2026:22184-1 Security update for postgresql16

This update for postgresql16 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard against malicious time zone...

8.8CVSS6.2AI score0.00668EPSS
Exploits0References20
GithubExploit
GithubExploit
added 2026/04/15 9:15 a.m.98 views

File-Cleaner-

I learn from this Project w Never trust user input: Attackers c...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/10 7:26 p.m.7 views

PraisonAI Vulnerable to Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits

Summary The safeextractall function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractall. An attacker can publish a malicious recipe bundl...

6.5CVSS5.9AI score0.00243EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/10/06 8:0 p.m.10 views

CLSA-2025-1759780820 python3: Fix of CVE-2007-4559

CVE-2007-4559: implement PEP 706 - a filter in the tarfile module to prevent directory traversal vulnerability...

9.8CVSS6.8AI score0.27095EPSS
Exploits3References1
CVE
CVE
added 2024/08/02 6:41 a.m.45 views

CVE-2024-3238

CVE-2024-3238 affects the WordPress Menu Plugin — Superfly Responsive Menu. The vulnerability is a Cross-Site Request Forgery due to missing or incorrect nonce validation in the ajax_handle_delete_icons() function, allowing unauthenticated attackers to delete arbitrary files if a site admin is tr...

8.8CVSS8.5AI score0.00382EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.28 views

SUSE: Security Advisory (SUSE-SU-2018:0862-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9AI score0.10027EPSS
Exploits8References7
OSV
OSV
added 2018/07/17 6:8 a.m.9 views

SUSE-SU-2018:1972-1 Security update for perl

This update for perl fixes the following issues: These security issue were fixed: - CVE-2018-6913: Fixed space calculation issues in pppack.c bsc1082216. - CVE-2018-6798: Fixed heap buffer overflow in regexec.c bsc1082233. - CVE-2018-6797: Fixed sharp-s regexp overflow bsc1082234. - CVE-2018-1201...

9.8CVSS8.2AI score0.10866EPSS
Exploits1References10
NVD
NVD
added 2017/07/07 11:29 a.m.21 views

CVE-2017-10974

Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on thi...

7.5CVSS7.5AI score0.81028EPSS
Exploits5References3
phpMyAdmin
phpMyAdmin
added 2016/05/25 12:0 a.m.28 views

File Traversal Protection Bypass on Error Reporting

PMASA-2016-15 Announcement-ID: PMASA-2016-15 Date: 2016-05-25 Updated: 2016-05-26 Summary File Traversal Protection Bypass on Error Reporting Description A specially crafted payload could result in the error reporting component exposing whether an arbitrary file exists on the file system and the...

5.3CVSS6.5AI score0.01992EPSS
Exploits0
securityvulns
securityvulns
added 2001/07/24 12:0 a.m.47 views

Обратный путь в директориях в Tivoli SecureWay (directory traversal)

Можно обойти защиту от обратного пути используя кодирование . как 2e...

1.9AI score
Exploits0References1Affected Software1
Rows per page
Query Builder