Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/01/06 9:6 a.m.12 views

CVE-2025-66518

Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade t...

8.8CVSS6.7AI score0.00892EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/01/05 9:30 a.m.9 views

Apache Kyuubi Server vulnerable to Path Traversal

Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade t...

8.8CVSS6.8AI score0.00892EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/01/05 8:46 a.m.23 views

CVE-2025-66518

Apache Kyuubi Server 1.6.0–1.10.2 is affected by a path traversal/unauthorized local-file access vulnerability where an attacker able to reach the Kyuubi frontend could bypass the kyuubi.session.local.dir.allow.list. Root cause involves insufficient path normalization, permitting access to local ...

8.8CVSS6.4AI score0.00892EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/11/05 6:17 p.m.14 views

CVE-2024-51493 API key access in settings without reauthentication in OctoPrint

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user...

5.3CVSS6.2AI score0.00282EPSS
Exploits0References3
Snyk
Snyk
added 2023/03/09 10:44 a.m.1 views

Access Control Bypass

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Access Control Bypass due to the usage of a vulnerable dependency package libxslt, which allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWri...

9.8CVSS7.7AI score0.05089EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/12/20 12:0 a.m.4 views

PT-2021-23977 · Humhub · Humhub

Name of the Vulnerable Software and Affected Versions: HumHub versions prior to 1.10.3 HumHub versions prior to 1.9.3 Description: HumHub is an open-source social network kit written in PHP. Prior to certain versions, it could be possible for registered users to become unauthorized members of...

6.5CVSS6.3AI score0.01184EPSS
Exploits1References9
Rows per page
Query Builder