Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file-path project vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-3008
The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in ...
Tinygltf Project Tinygltf
Debian Debian Linux 11.0
516
VMScore
CVE-2021-32804
The npm package "tar" (aka node-tar) prior to 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into ...
Tar Project Tar
Oracle Graalvm 20.3.3
Oracle Graalvm 21.2.0
Siemens Sinec Infrastructure Network Services
1 Github repository
392
VMScore
CVE-2022-24826
On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the malicious user to execute arbitrary code. This does not affect Unix systems....
Git Large File Storage Project Git Large File Storage
NA
CVE-2023-35145
Jenkins Sonargraph Integration Plugin 5.0.1 and previous versions does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Sonargraph Integration
NA
CVE-2023-38695
cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue h...
Simonsmith Cypress Image Snapshot
605
VMScore
CVE-2007-4131
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote malicious users to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
Gnu Tar 1.13.19
Gnu Tar 1.13.25
Gnu Tar 1.15.91
Gnu Tar 1.16
Gnu Tar 1.13
Gnu Tar 1.13.5
Gnu Tar 1.14
Gnu Tar 1.13.16
Gnu Tar 1.13.17
Gnu Tar 1.13.18
Gnu Tar 1.15.1
Gnu Tar 1.15.90
Gnu Tar 1.13.11
Gnu Tar 1.13.14
Gnu Tar 1.14.90
Gnu Tar 1.15
668
VMScore
CVE-2012-0036
curl and libcurl 7.2x prior to 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote malicious users to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) P...
Curl Curl 7.21.1
Curl Curl 7.21.2
Curl Curl 7.23.0
Curl Curl 7.23.1
Curl Curl 7.20.1
Curl Curl 7.21.0
Curl Curl 7.21.7
Curl Curl 7.22.0
Curl Curl 7.21.3
Curl Curl 7.21.4
Curl Curl 7.20.0
Curl Curl 7.21.5
Curl Curl 7.21.6
Curl Libcurl 7.21.3
Curl Libcurl 7.21.4
Curl Libcurl 7.21.1
Curl Libcurl 7.21.2
Curl Libcurl 7.23.1
Curl Libcurl 7.20.0
Curl Libcurl 7.21.5
Curl Libcurl 7.21.6
Curl Libcurl 7.21.7
NA
CVE-2024-23633
Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that exec...
Humansignal Label Studio
NA
CVE-2024-29180
Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. The middleware can ...
534
VMScore
CVE-2012-1988
Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by crea...
Puppet Puppet
Puppet Puppet Enterprise 1.0
Puppet Puppet Enterprise 1.1
Puppet Puppet Enterprise
Fedoraproject Fedora 17
Fedoraproject Fedora 16
Fedoraproject Fedora 15
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 10.04
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »