20 matches found
CVE-2026-34523 SillyTavern: Path traversal allows file existence oracle
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in the static file route handler allows any unauthenticate...
EUVD-2011-4857
Malware in sbrugna...
CVE-2011-4948
Directory traversal vulnerability in admin/remote.php in EGroupware Enterprise Line EPL before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to read arbitrary files via a ..%2f encoded dot dot slash in the type parameter...
SUSE CVE-2025-27553
Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file...
Exploit for CVE-2024-38819
CVE-2024-38819: Proof of Concept PoC This is a proof of concept for the CVE-2024-38819 vulnerability, which I reported, demonstrating a path traversal exploit. Execution Steps 1. Build the Docker image Spring Boot 3.3.4, based on Spring Framework 6.1.13 cd vuln docker build -t cve-2024-38819-poc...
CVE-2014-3744
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in an unspecified path...
UBUNTU-CVE-2014-3744
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in an unspecified path...
CVE-2017-5982
Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e encoded dot dot slash in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd...
PT-2017-16806 · Kodi +1 · Chorus2 +1
Name of the Vulnerable Software and Affected Versions: Chorus2 version 2.4.2 Description: The issue allows remote attackers to read arbitrary files via a %2E%2E%252e encoded dot dot slash in the image path, as demonstrated by "image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd". This is a directory...
CVE-2017-5982
Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e encoded dot dot slash in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd...
Directory traversal
Directory traversal vulnerability in controller/concerns/renderredirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F encoded dot dot slash in the step...
Directory traversal
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in a URI...
CVE-2011-2524
Summary of CVE-2011-2524 (libsoup): A directory traversal vulnerability exists in SoupServer’s soup-uri.c in libsoup prior to 2.35.4, allowing remote attackers to read arbitrary files via a %2e%2e in the URI. The issue affects libsoup across multiple advisories and distributions (e.g., MiracleLi...
libsoup: SoupServer directory traversal flaw
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in a URI...
Directory traversal
Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F encoded dot dot slash in the action parameter to the default URI...
EUVD-2011-2719
Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F encoded dot dot slash in the action parameter to the default URI...
CVE-2011-1715
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f encoded dot dot sequences in the file parameter...
CVE-2009-3912
Directory traversal vulnerability in index.php in TFTgallery 0.13 allows remote attackers to read arbitrary files via a ..%2F encoded dot dot slash in the album parameter...
Directory traversal
Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. encoded dot dot or an absolute pathname in the nextfile parameter...
Advisory for Jana server
Advisory for Jana Webserver Site: http://www.janaserver.de by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0112 /-|=explanation=|- Jana Webserver is well, a webserver. It has a hex-encoded dot dot bug and a denial of service. /-|=who is vulnerable=|- Tested to be...