3164 matches found

Snyk
added 2025/01/26 10:00 p.m. · 2 views

External Control of File Name or Path

Overview: Affected versions of this package are vulnerable to External Control of File Name or Path at the /admin/compass endpoint, which passes data from GET requests to the pathToLogFile function. An attacker who can convince an authenticated user to follow a link containing a malicious file nam...

CVSS 6.2 · AI score 6.9 · EPSS 0.61418
Exploits 1 · References 2
NVD
added 2025/01/25 8:15 a.m. · 8 views

CVE-2024-12885

The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versions up to, and including, 10.4.66. This makes it possible for authenticated attackers, with...

CVSS 6.5 · EPSS 0.00443
Exploits 0 · References 2
Vulnrichment
added 2025/01/25 7:24 a.m. · 5 views

CVE-2024-12885 Connections Business Directory <= 10.4.66 - Authenticated (Admin+) Arbitrary Directory Deletion

The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versions up to, and including, 10.4.66. This makes it possible for authenticated attackers, with...

CVSS 6.5 · AI score 7 · EPSS 0.00443
Exploits 0 · References 2
CVE
added 2025/01/25 7:24 a.m. · 42 views

CVE-2024-12885

The CVE-2024-12885 entry concerns the WordPress plugin Connections Business Directory. Affected versions: all up to 10.4.66. Root cause: insufficient file path validation when deleting the Connections Images directory, enabling an authenticated attacker with Administrator+ privileges to delete ar...

CVSS 6.5 · AI score 6.2 · EPSS 0.00443
Exploits 0 · References 2
Veracode
added 2025/01/20 5:59 a.m. · 8 views

Access Control List (ACL) Bypass

gradio is vulnerable to an Access Control List (ACL) bypass. The vulnerability is due to improper case normalization in the file path validation logic through the blockedpaths parameter of the isallowedfile function, allowing an attacker to gain unauthorized access to sensitive files by altering the...

CVSS 8.7 · AI score 6.7 · EPSS 0.00135
Exploits 1 · References 3 · Affected Software 1
OSV
added 2025/01/20 3:15 a.m. · 0 views

CVE-2025-0581

A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. This affects an unknown part of the file /chat/group/send of the component Chat History. The manipulation of the argument message leads to cross-site scripting. It is possible to initiate the...

CVSS 5.4 · AI score 3.8 · EPSS 0.00131
Exploits 1 · References 5
CNNVD
added 2025/01/17 12:00 a.m. · 2 views

itsourcecode Tailoring Management System Injection Vulnerability

itsourcecode Tailoring Management System is a tailoring management system from itsourcecode open source. An injection vulnerability exists in version 1.0 of itsourcecode Tailoring Management System, which stems from the parameter expcat in the file /expadd.php that can cause SQL injection...

CVSS 9.8 · AI score 7 · EPSS 0.00111
Exploits 1 · References 6
SUSE CVE
added 2025/01/16 3:48 a.m. · 1 view

SUSE CVE-2025-23042

Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This...

CVSS 8.7 · AI score 6.7 · EPSS 0.00135
Exploits 1 · References 3
OSV
added 2025/01/15 10:15 p.m. · 1 view

CVE-2025-0489

A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. This vulnerability affects unknown code of the file /fladmin/friendlinkdodel.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to t...

CVSS 8.8 · AI score 5.8 · EPSS 0.00199
Exploits 1 · References 5
CNNVD
added 2025/01/15 12:00 a.m. · 1 view

native-php-cms Security Vulnerability

native-php-cms is a website builder system for FLi individual developers. A security vulnerability exists in version 1.0 of native-php-cms, which stems from improper handling of the message/error parameter in the file /fladmin/jump.php, and is susceptible to cross-site scripting attacks...

CVSS 5.3 · AI score 4.3 · EPSS 0.00357
Exploits 1 · References 1
NVD
added 2025/01/14 7:15 p.m. · 14 views

CVE-2025-23042

Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This...

CVSS 8.7 · EPSS 0.00135
Exploits 1 · References 1
PyPA
added 2025/01/14 7:15 p.m. · 5 views

PYSEC-2025-118

Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This...

CVSS 8.7 · AI score 5.8 · EPSS 0.00135
Exploits 1 · References 1 · Affected Software 1
OSV
added 2025/01/14 7:15 p.m. · 1 view

PYSEC-2025-118

Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This...

CVSS 7.5 · AI score 5.8 · EPSS 0.00135
Exploits 1 · References 1
Vulnrichment
added 2025/01/14 6:49 p.m. · 7 views

CVE-2025-23042 Gradio Blocked Path ACL Bypass Vulnerability

Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This...

CVSS 8.7 · AI score 6.2 · EPSS 0.00135
Exploits 1 · References 1
CVE
added 2025/01/14 6:49 p.m. · 86 views

CVE-2025-23042

Gradio Blocked Path ACL bypass vulnerability (CVE-2025-23042) arises from missing case normalization in file-path validation. On case-insensitive file systems (e.g., Windows/macOS), an attacker can circumvent ACLs by altering the letter case of a blocked path, potentially accessing restricted fil...

CVSS 8.7 · AI score 6.3 · EPSS 0.00135
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2025/01/14 6:49 p.m. · 12 views

CVE-2025-23042 Gradio Blocked Path ACL Bypass Vulnerability

Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This...

CVSS 8.7 · EPSS 0.00135
Exploits 1 · References 1
OSV
added 2025/01/14 4:32 p.m. · 7 views

GHSA-J2JG-FQ62-7C3H Gradio Blocked Path ACL Bypass Vulnerability

Summary: Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This vulnerability arises due to the lack of case normalization in the file path validation logic. On case-insensitive file systems, such as those used by Windo...

CVSS 9.1 · AI score 5.4 · EPSS 0.00135
Exploits 1 · References 6
Snyk
added 2025/01/14 4:32 p.m. · 1 view

Improper Handling of Case Sensitivity

Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to improper case normalization in the file path validation logic through the blockedpaths parameter of the...

CVSS 8.7 · AI score 6.9 · EPSS 0.00135
Exploits 1 · References 2
Positive Technologies
added 2025/01/14 12:00 a.m. · 2 views

PT-2025-4788 · Gradio · Gradio

Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 5.6.0. Description: Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path due to the lack of case normalization in the file path validation logi...

CVSS 9.1 · AI score 6.8 · EPSS 0.00135
Exploits 1 · References 12
ATTACKERKB
added 2025/01/13 10:15 p.m. · 2 views

CVE-2023-42245

Selesta Visual Access Manager 4.42.2 is vulnerable to Cross-Site Scripting (XSS) via monitor/sscheduledfile.php...

CVSS 6.1 · AI score 5.8 · EPSS 0.00246
Exploits 0 · References 2