Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.7 views

CVE-2025-67819

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...

4.9CVSS6.9AI score0.00427EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/12 12:0 a.m.5 views

CVE-2025-67819

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...

6.5AI score0.00427EPSS
Exploits0References2
OSV
OSV
added 2020/02/26 4:15 p.m.5 views

CVE-2019-19992

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vameditXml.php doesn't check the parameter that identifies the file name to be read. Thus, an...

6.5CVSS6.6AI score0.01123EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2019/08/06 12:11 p.m.52 views

poppler: pdfdetach utility does not validate save paths

An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path...

6.5CVSS5.8AI score0.01946EPSS
Exploits1References4
Veracode
Veracode
added 2019/07/18 6:20 a.m.18 views

Cross-site Scripting (XSS)

grumpydictator/firefly-iii is vulnerable to cross-site scripting XSS. The attack exists because it does not validate the file name provided by the user, allowing an attacker to inject a malicious script through it to get executed during editing of attachments/edit/$fileid$ attachment...

5.4CVSS5.2AI score0.00762EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder