SUSE CVE-2025-23042
Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This...
CVE-2025-0489
A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. This vulnerability affects unknown code of the file /fladmin/friendlinkdodel.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to t...
native-php-cms security vulnerability
native-php-cms is a website builder system for FLi individual developers. A security vulnerability exists in version 1.0 of native-php-cms, which stems from improper handling of the message/error parameter in the file /fladmin/jump.php and is susceptible to cross-site scripting attacks...
PYSEC-2025-118
Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This...
CVE-2025-23042
Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This...
CVE-2025-23042 Gradio Blocked Path ACL Bypass Vulnerability
Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This...
CVE-2025-23042
Gradio Blocked Path ACL bypass vulnerability (CVE-2025-23042) arises from missing case normalization in file-path validation. On case-insensitive file systems (e.g., Windows/macOS), an attacker can circumvent ACLs by altering the letter case of a blocked path, potentially accessing restricted fil...
Improper Handling of Case Sensitivity
Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to improper case normalization in the file path validation logic through the blockedpaths parameter of the...
GHSA-J2JG-FQ62-7C3H Gradio Blocked Path ACL Bypass Vulnerability
Summary: Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This vulnerability arises due to the lack of case normalization in the file path validation logic. On case-insensitive file systems, such as those used by Windo...
PT-2025-4788 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 5.6.0. Description: Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path due to the lack of case normalization in the file path validation logi...
CVE-2023-42245
Selesta Visual Access Manager 4.42.2 is vulnerable to Cross-Site Scripting (XSS) via monitor/sscheduledfile.php...
REVE Antivirus security vulnerability
REVE Antivirus is an antivirus security program from REVE Antivirus, Inc. A security vulnerability exists in REVE Antivirus version 1.0.0.0, which originates from the file /usr/local/reveantivirus/tmp/reveinstall that results in incorrect default permissions...
CVE-2025-0227 Tsinghua Unigroup Electronic Archives System downLoad.html information disclosure
A vulnerability, which was classified as problematic, was found in Tsinghua Unigroup Electronic Archives System 3.2.21080262532. This affects an unknown part of the file /Logs/Annals/downLoad.html. The manipulation of the argument path leads to information disclosure. It is possible to initiate t...
PT-2025-3802 · Unknown · Codezips Blood Bank Management System
Name of the Vulnerable Software and Affected Versions: Codezips Blood Bank Management System version 1.0. Description: A critical issue affects some unknown functionality of the file /successadmin.php. The manipulation of the argument psw leads to SQL injection. The attack may be launched remotely...
PT-2025-3775 · Tata Consultancy Services · Tcs Bancs
Name of the Vulnerable Software and Affected Versions: TCS BaNCS version 10. Description: A vulnerability was found in TCS BaNCS, affecting an unknown part of the file /REPORTS/REPORTS SHOW FILE.jsp. The manipulation of the FilePath argument leads to file inclusion. The real existence of this...
TCS BaNCS security vulnerability
TCS BaNCS (Tata Consultancy Services BaNCS) is a core banking software suite from TCS Corporation. A security vulnerability exists in TCS BaNCS version 10, which stems from improper handling of the FilePath parameter and can result in file inclusion...
Time-of-Check Time-of-Use (TOCTOU)
Apache Tomcat is vulnerable to a Time-of-Check Time-of-Use (TOCTOU) race condition. The vulnerability is due to incomplete mitigation and improper handling of file path canonicalization on case-insensitive file systems when the default servlet write is enabled, which allows an attacker to exploit race conditions ...
changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal
Summary: Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is used to construct file paths without adequate sanitization or validation. For example, using file:../../../etc/passwd o...