Lucene search
K

11 matches found

CVE
CVE
added 2026/01/27 10:14 p.m.17 views

CVE-2026-24909

CVE-2026-24909 concerns the vlt project: vulnerable in versions before 1.0.0-rc.10 due to improper path sanitization in tar extraction, enabling path traversal. In practice, a tar archive with crafted file paths could lead to extraction of files outside the target directory, as described in multi...

5.9CVSS5.9AI score0.0018EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/27 10:14 p.m.7 views

EUVD-2026-4860

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...

5.9CVSS5.9AI score0.0018EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/27 10:14 p.m.0 views

CVE-2026-24909

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...

5.9CVSS5.9AI score0.0018EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.8 views

PT-2026-5031

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...

5.9CVSS5.9AI score0.0018EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 10:32 a.m.5 views

CVE-2017-18537

The visitors-online plugin before 1.0.0 for WordPress has multiple XSS issues...

6.1CVSS6.4AI score0.01621EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/12/10 12:0 a.m.30 views

CVE-2025-65807

An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command...

0.00168EPSS
Exploits1References2
OSV
OSV
added 2024/09/09 10:15 a.m.5 views

CVE-2024-8601

This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to unauthorized acce...

6.5CVSS5.8AI score0.00485EPSS
Exploits0References1
OSV
OSV
added 2023/12/08 8:15 p.m.5 views

CVE-2023-46496

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint...

8.3CVSS5.8AI score0.01186EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/05 12:0 a.m.4 views

wing-tight 安全漏洞

wing-tight is an application by aptic lava personal developer. A security vulnerability exists in wing-tight versions prior to 1.0.0, which stems from a problem in the unknown section of the file index.php, where manipulation of the parameter p results in a file inclusion...

9.8CVSS6.9AI score0.00826EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/04/26 12:0 a.m.4 views

Apache Doris 信任管理问题漏洞

Apache Doris is a modern MPP analytics database product from the Apache Foundation, USA. An information disclosure vulnerability exists in versions of Apache Doris prior to 1.0.0, which stems from the use of hard-coded keys and IVs to initialize the cipher used for ldap passwords. An attacker cou...

7.5CVSS5.6AI score0.03137EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2021/12/22 6:15 a.m.2 views

CVE-2021-45459

lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter...

9.8CVSS7.3AI score0.04063EPSS
Exploits1References4
Rows per page
Query Builder