
20990 matches found

Vulnrichment
added 2025/12/19 12:0 a.m. | 4 views

CVE-2025-67845

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences...

CVSS: 6.4 | AI score: 6.1 | EPSS: 0.00493
Exploits: 1 | References: 5
Vulnrichment
added 2025/12/19 12:0 a.m. | 2 views

CVE-2025-66905

The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths before resolving them against the filesystem. A remote attacker can include ../ sequences in the request path to escape the configured base directory and read arbitrary files from the host system...

AI score: 6.6 | EPSS: 0.0051
Exploits: 1 | References: 2
CVE
added 2025/12/19 12:0 a.m. | 13 views

CVE-2025-67845

Summary: CVE-2025-67845 is a directory traversal vulnerability in Mintlify Platform’s Static Asset Proxy Endpoint (prior to 2025-11-15). An attacker can craft a URL with traversal sequences to inject arbitrary web script or HTML. Affected components: Mintlify Platform, Static Asset Proxy Endpoint...

CVSS: 6.4 | AI score: 6.1 | EPSS: 0.00493
Exploits: 1 | References: 5 | Affected Software: 1
Positive Technologies
added 2025/12/19 12:0 a.m. | 6 views

PT-2025-52458

Name of the Vulnerable Software and Affected Versions: Takes versions through 2.0-SNAPSHOT. Description: The Takes web framework’s TkFiles component does not properly sanitize HTTP request paths before using them to access the filesystem. This allows a remote attacker to use "../" sequences within t...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.0051
Exploits: 1 | References: 5
Cvelist
added 2025/12/19 12:0 a.m. | 24 views

CVE-2025-66905

The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths before resolving them against the filesystem. A remote attacker can include ../ sequences in the request path to escape the configured base directory and read arbitrary files from the host system...

EPSS: 0.0051
Exploits: 1 | References: 2
CVE
added 2025/12/19 12:0 a.m. | 11 views

CVE-2025-66905

The CVE-2025-66905 entry concerns the Takes web framework, specifically the TkFiles component up to 2.0-SNAPSHOT, which fails to canonicalize HTTP request paths before filesystem access. This allows a remote attacker to include ../ sequences in the request path to escape the configured base direc...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.0051
Exploits: 1 | References: 2 | Affected Software: 1
EUVD
added 2025/12/19 12:0 a.m. | 3 views

EUVD-2025-204545

The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths before resolving them against the filesystem. A remote attacker can include ../ sequences in the request path to escape the configured base directory and read arbitrary files from the host system...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.0051
Exploits: 1 | References: 3
Snyk
added 2025/12/18 10:58 p.m. | 7 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via crafted symbolic links in the repository. An attacker can access sensitive files on the server filesystem by creating and referencing symbolic links that point to arbitrary locations. Details: A Directory Traversa...

CVSS: 7.7 | AI score: 7.5 | EPSS: 0.00344
Exploits: 0 | References: 3
EUVD
added 2025/12/18 9:31 p.m. | 2 views

EUVD-2025-204353

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read syst...

CVSS: 7.1 | AI score: 6.4 | EPSS: 0.008
Exploits: 1 | References: 5
OSV
added 2025/12/18 8:15 p.m. | 5 views

CVE-2023-53944

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read syst...

CVSS: 7.1 | AI score: 5.9 | EPSS: 0.008
Exploits: 1 | References: 3
NVD
added 2025/12/18 8:15 p.m. | 10 views

CVE-2023-53944

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read syst...

CVSS: 7.1 | EPSS: 0.008
Exploits: 1 | References: 3
CVE
added 2025/12/18 7:53 p.m. | 12 views

CVE-2023-53944

EasyPHP Webserver 14.1 is affected by a path traversal vulnerability (CVE-2023-53944) that allows remote low-privilege users to read files outside the document root by bypassing SecurityManager. The documented payload involves crafted GET requests with encoded directory traversal sequences such a...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.008
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2025/12/18 7:53 p.m. | 25 views

CVE-2023-53944 EasyPHP Webserver 14.1 Path Traversal via Directory Traversal Sequences

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read syst...

CVSS: 7.1 | EPSS: 0.008
Exploits: 1 | References: 3
Vulnrichment
added 2025/12/18 7:53 p.m. | 5 views

CVE-2023-53944 EasyPHP Webserver 14.1 Path Traversal via Directory Traversal Sequences

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read syst...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.008
Exploits: 1 | References: 3
IBM Security Bulletins
added 2025/12/18 1:19 a.m. | 18 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary: Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.12.0. Vulnerability Details: CVEID: CVE-2025-59419. DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty...

CVSS: 9.1 | AI score: 7.7 | EPSS: 0.01617
Exploits: 2 | Affected Software: 1
Positive Technologies
added 2025/12/18 12:0 a.m. | 5 views

PT-2025-52406

Name of the Vulnerable Software and Affected Versions: Mintlify Platform versions prior to 2025-11-15. Description: A directory traversal issue exists in the Static Asset Proxy Endpoint. This allows remote attackers to inject arbitrary web script or HTML through a specially crafted URL containing pa...

CVSS: 6.4 | AI score: 6.4 | EPSS: 0.00493
Exploits: 1 | References: 14
CNNVD
added 2025/12/18 12:0 a.m. | 5 views

EasyPHP Webserver Security Vulnerability

EasyPHP Webserver is an EasyPHP open source platform where you can build a development environment. A security vulnerability exists in EasyPHP Webserver version 14.1, which stems from a path traversal vulnerability that could lead to reading system files...

CVSS: 7.1 | AI score: 6.7 | EPSS: 0.008
Exploits: 1 | References: 3
Positive Technologies
added 2025/12/18 12:0 a.m. | 6 views

PT-2025-52323

Name of the Vulnerable Software and Affected Versions: EasyPHP Webserver version 14.1. Description: A path traversal flaw exists in EasyPHP Webserver that permits unauthenticated remote users with limited privileges to access files beyond the intended document root. This is achieved by circumventing...

CVSS: 7.1 | AI score: 6.7 | EPSS: 0.008
Exploits: 1 | References: 7
Snyk
added 2025/12/17 10:50 p.m. | 5 views

Directory Traversal

Overview: mcp-server-git is a Model Context Protocol server providing tools to read, search, and manipulate Git repositories programmatically via LLMs. Affected versions of this package are vulnerable to Directory Traversal via improper validation of the path validation in repopath argument when...

CVSS: 9.3 | AI score: 7.6 | EPSS: 0.06197
Exploits: 0 | References: 2
Snyk
added 2025/12/17 7:49 p.m. | 2 views

Directory Traversal

Overview: mcp-server-git is a Model Context Protocol server providing tools to read, search, and manipulate Git repositories programmatically via LLMs. Affected versions of this package are vulnerable to Directory Traversal via the gitinit tool. An attacker can create repositories at arbitrary...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.07822
Exploits: 0 | References: 2