OSV
added 2026/04/01 10:30 p.m. · 3 views

GHSA-38M8-XRFJ-V38X phpMyFAQ: Path Traversal - Arbitrary File Deletion in MediaBrowserController

Summary The MediaBrowserController::index method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenated with the base upload directory path without any path traversal validation. The FILTER_SANITIZE_SPECIAL_CHARS filter...

CVSS 8.7 · AI score 6 · EPSS 0.00693
Exploits 1 · References 4
Snyk
added 2026/04/01 10:30 p.m. · 3 views

Directory Traversal

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Directory Traversal via the index function in MediaBrowserController when the fileRemove action is triggered and user input is concatenated with the...

CVSS 8.7 · AI score 6.5 · EPSS 0.00693
Exploits 1 · References 2
Snyk
added 2026/04/01 10:30 p.m. · 3 views

Directory Traversal

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Directory Traversal via the index function in MediaBrowserController when the fileRemove action is triggered and user input is concatenated with the...

CVSS 8.7 · AI score 6.5 · EPSS 0.00693
Exploits 1 · References 2
Snyk
added 2026/04/01 10:28 p.m. · 3 views

Directory Traversal

Overview copier is a library for rendering project templates. Affected versions of this package are vulnerable to Directory Traversal via the subdirectory setting, which allows parent-directory traversal. If a user runs Copier on an untrusted template, an attacker can access files outside the...

CVSS 4.6 · AI score 6.5 · EPSS 0.00383
Exploits 1 · References 2
Snyk
added 2026/04/01 10:26 p.m. · 1 view

Directory Traversal

Overview @payloadcms/storage-r2 is a Payload storage adapter for Cloudflare R2. Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of filenames in the client-upload signed-URL endpoints for S3, GCS, Azure, and R2. An attacker can escape the intend...

CVSS 7.1 · AI score 6.5 · EPSS 0.00341
Exploits 0 · References 2
Snyk
added 2026/04/01 10:26 p.m. · 2 views

Directory Traversal

Overview @payloadcms/storage-s3 is a Payload storage adapter for Amazon S3. Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of filenames in the client-upload signed-URL endpoints for S3, GCS, Azure, and R2. An attacker can escape the intended...

CVSS 7.1 · AI score 6.5 · EPSS 0.00341
Exploits 0 · References 2
Snyk
added 2026/04/01 10:26 p.m. · 1 view

Directory Traversal

Overview payload is a Node, React and MongoDB Headless CMS and Application Framework. Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of filenames in the client-upload signed-URL endpoints for S3, GCS, Azure, and R2. An attacker can escape the...

CVSS 7.1 · AI score 6.5 · EPSS 0.00341
Exploits 0 · References 2
Snyk
added 2026/04/01 10:26 p.m. · 2 views

Directory Traversal

Overview @payloadcms/storage-gcs is a Payload storage adapter for Google Cloud Storage. Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of filenames in the client-upload signed-URL endpoints for S3, GCS, Azure, and R2. An attacker can escape th...

CVSS 7.1 · AI score 6.5 · EPSS 0.00341
Exploits 0 · References 2
Github Security Blog
added 2026/04/01 10:18 p.m. · 5 views

ewe Has Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting)

Summary The encodeheaders function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF (\r\n) sequences. An application that passes user-controlled data into response headers (e.g., setting a Location redire...

CVSS 5.3 · AI score 6 · EPSS 0.00327
Exploits 1 · References 5 · Affected Software 1
OSV
added 2026/04/01 10:18 p.m. · 2 views

GHSA-X2W3-23JR-HRPF ewe Has Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting)

Summary The encodeheaders function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF (\r\n) sequences. An application that passes user-controlled data into response headers (e.g., setting a Location redire...

CVSS 5.3 · AI score 6 · EPSS 0.00327
Exploits 1 · References 5
Snyk
added 2026/04/01 10:17 p.m. · 2 views

Directory Traversal

Overview poetry: Python dependency management and packaging made easy. Affected versions of this package are vulnerable to Directory Traversal due to improper validation of the wheel destination path, which is constructed directly from an untrusted wheel entry path without containment checks. An...

CVSS 7.1 · AI score 6.5 · EPSS 0.00456
Exploits 1 · References 2
Snyk
added 2026/04/01 9:41 p.m. · 2 views

Directory Traversal

Overview sillytavern is an LLM Frontend for Power Users. Affected versions of this package are vulnerable to Directory Traversal via the avatarurl parameter in the chat export and delete endpoints. An attacker can read or delete arbitrary files within the user data root by supplying directory...

CVSS 8.8 · AI score 6.5 · EPSS 0.0057
Exploits 1 · References 2
OSV
added 2026/04/01 9:40 p.m. · 3 views

GHSA-525J-2HRJ-M8FP SillyTavern: Path Traversal allows file existence oracle

Summary A path traversal vulnerability in the static file route handler allows any unauthenticated user to determine whether files exist anywhere on the server's filesystem. By sending percent-encoded ../ sequences (%2E%2E%2F) in requests to static file routes, an attacker can check for the existen...

CVSS 5.3 · AI score 5.9 · EPSS 0.00449
Exploits 1 · References 4
Snyk
added 2026/04/01 9:40 p.m. · 3 views

Directory Traversal

Overview sillytavern is an LLM Frontend for Power Users. Affected versions of this package are vulnerable to Directory Traversal via the createRouteHandler function. An attacker can determine the existence of arbitrary files on the server's filesystem by sending specially crafted requests containin...

CVSS 6.9 · AI score 6.5 · EPSS 0.00449
Exploits 1 · References 2
Github Security Blog
added 2026/04/01 9:40 p.m. · 12 views

SillyTavern: Path Traversal allows file existence oracle

Summary A path traversal vulnerability in the static file route handler allows any unauthenticated user to determine whether files exist anywhere on the server's filesystem. By sending percent-encoded ../ sequences (%2E%2E%2F) in requests to static file routes, an attacker can check for the existen...

CVSS 5.3 · AI score 5.9 · EPSS 0.00449
Exploits 1 · References 4 · Affected Software 1
Snyk
added 2026/04/01 9:36 p.m. · 3 views

External Control of File Name or Path

Overview sillytavern is an LLM Frontend for Power Users. Affected versions of this package are vulnerable to External Control of File Name or Path via the /api/chats/import endpoint when unsanitized input in the charactername parameter is used to construct file paths. An attacker can write arbitrar...

CVSS 8.1 · AI score 6 · EPSS 0.0041
Exploits 1 · References 3
Github Security Blog
added 2026/04/01 9:36 p.m. · 2 views

SillyTavern has a path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory

Summary A path traversal vulnerability in /api/chats/import allows an authenticated attacker to write attacker-controlled files outside the intended chats directory by injecting traversal sequences into charactername. Details: charactername is used unsafely as part of the destination filename and...

CVSS 8.1 · AI score 5.9 · EPSS 0.0041
Exploits 1 · References 4 · Affected Software 1
OSV
added 2026/04/01 9:36 p.m. · 1 view

GHSA-XVWW-XHX6-22PF SillyTavern has a path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory

Summary A path traversal vulnerability in /api/chats/import allows an authenticated attacker to write attacker-controlled files outside the intended chats directory by injecting traversal sequences into charactername. Details: charactername is used unsafely as part of the destination filename and...

CVSS 8.1 · AI score 5.9 · EPSS 0.0041
Exploits 1 · References 4
Snyk
added 2026/04/01 9:16 p.m. · 4 views

Directory Traversal

Overview @anthropic-ai/sdk is the official TypeScript library for the Anthropic API. Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied paths in the memory tool. An attacker can access or modify files outside the intended sandboxed...

CVSS 6.3 · AI score 6.5 · EPSS 0.00292
Exploits 0 · References 3
IBM Security Bulletins
added 2026/04/01 4:36 p.m. · 7 views

Security Bulletin: Vulnerabilities in Linux Kernel, MongoDB and Tomcat affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in MongoDB, Tomcat and Linux. The vulnerabilities include obtaining sensitive information, causing a denial of service condition, elevation of privileges, remote execution of arbitrary code and bypassing security restrictions, a...

CVSS 9.8 · AI score 7.2 · EPSS 0.66365
Exploits 8 · Affected Software 1