779 matches found
PT-2025-49298
Name of the Vulnerable Software and Affected Versions Nextcloud Desktop versions prior to 3.16.5 Description Nextcloud Desktop is a desktop sync client for Nextcloud. Before version 3.16.5, the file path was transmitted unencrypted when attempting to manually lock a file within an end-to-end...
CVE-2024-56331 Local File Inclusion (LFI) via Improper URL Handling in uptime-kuma's `Real-Browser` monitor
Uptime Kuma is an open source, self-hosted monitoring tool. An Improper URL Handling Vulnerability allows an attacker to access sensitive local files on the server by exploiting the file:/// protocol. This vulnerability is triggered via the "real-browser" request type, which takes a screenshot of...
Directory Traversal
pythonlibarchive is vulnerable to Directory Traversal. The vulnerability is due to insufficient sanitization of file paths during the extraction process, which fails to properly handle or restrict the traversal of directory paths, allowing attackers to use special characters such as ../ to escape...
BIT-NODE-MIN-2024-21890
The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/.pub will ignore pub and give access to everything after .ssh/. This misleading documentation affects all users...
File Manipulation
drupal/core is vulnerable to File Manipulation. The vulnerability is due to insufficient validation and sanitization of user-provided file paths, which can lead to unauthorized file access or manipulation...
The vulnerability of the Keycloak identity and access management software lies in improper external control of the file name or path, allowing unauthorized users to gain unauthorized access to protected information.
The vulnerability of the Keycloak identity and access management software is related to improper external control of the file name or path, resulting from incorrect validation of regular expressions. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthoriz...
Improper File URI Scheme Validation
changedetection.io is vulnerable to improper file URI scheme validation. The vulnerability is due to a logic flaw in the issafeurl function, which improperly allows the file: scheme and insufficiently restricts access to local file paths when ALLOWFILEURI is set to false or undefined...
Directory Traversal
github.com/ollama/ollama is vulnerable to Directory Traversal. The vulnerability is due to path traversal in the api/push route, allowing attackers to confirm which files exist on the server...
Arbitrary File Deletion
github.com/plentico/plenti is vulnerable to Arbitrary File Deletion. The vulnerability is due to insufficient input validation and lack of proper access controls on the /postLocal endpoint, allowing an attacker to manipulate file paths and trigger arbitrary file deletion when the Plenti user serv...
ROS-20241029-13
A vulnerability in the containers-common library of the Golang programming language is related to incorrect handling of certain file paths due to incorrect validation. certain file paths due to improper validation. Exploitation of the vulnerability could allow an attacker acting remotely to use...
ROS-20241029-04
A vulnerability in the containers-common library of the Golang programming language is related to incorrect handling of certain file paths due to incorrect validation. certain file paths due to improper validation. Exploitation of the vulnerability could allow an attacker acting remotely to explo...
CVE-2024-47164
Gradio has a directory traversal bypass in the is_in_or_equal function (CVE-2024-47164). The vulnerability allows crafted paths using .. sequences to bypass directory checks and potentially access restricted files, especially where blocklist or directory access validation is used during file uplo...
GHSA-77XQ-6G77-H274 Gradio's `is_in_or_equal` function may be bypassed
Impact What kind of vulnerability is it? Who is impacted? This vulnerability relates to the bypass of directory traversal checks within the isinorequal function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that manipulate file...
Gradio 路径遍历漏洞
Gradio, an open source Python library open-sourced by Hugging Face, is a method for demonstrating machine learning models through a friendly web interface. Gradio suffers from a path traversal vulnerability that stems from an attacker's ability to access and disclose the source code of a custom...
Link Following in github.com/containers/common
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...
CVE-2024-9341
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...
CVE-2024-9341
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...
CVE-2024-9341
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...
CVE-2024-9341
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...
CVE-2024-9341
CVE-2024-9341 is a vulnerability in the containers/common Go library that can occur when FIPS mode is enabled, enabling symbolic-link-based mounting to trick the host into mounting sensitive host directories inside a container and potentially accessing host files. Related advisories indicate affe...