40 matches found
CVE-2025-6854
A vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to...
CVE-2025-5964
CVE-2025-5964 affects M-Files Server before 25.6.14925.0, where a path traversal flaw in the API endpoint lets an authenticated user read server files. Public sources describe the vulnerable component as the API handling file access, with the root cause being traversal in requests to REST endpoints....
CVE-2025-5964 Path traversal in M-Files API
A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server...
CVE-2020-13328
An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files API...
CVE-2024-6789 Path traversal in M-Files API
A path traversal issue in the API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows an authenticated user to read files...
PT-2024-24617 · Pebble · Pebble
Name of the Vulnerable Software and Affected Versions: Pebble versions prior to 1.10.2 (1.1.1, 1.4.2 and 1.7.4 are fixed releases; all other versions prior to 1.10.2 are considered vulnerable). Description: The issue allows unprivileged local users to read files with root-equivalent...
BIT-GITLAB-2020-13328
An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files API...
CVE-2023-6189
Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods...
PT-2023-12762 · Audiocodes · Audiocodes Device Manager Express
Name of the Vulnerable Software and Affected Versions: AudioCodes Device Manager Express versions through 7.8.20002.47752 Description: An issue was discovered that allows execution of commands. The "/BrowseFiles.php" API endpoint is vulnerable to a POST request with a cmd parameter set to "ssh" a...
xzjie cms code issue vulnerability
xzjie cms is a content publishing system by the individual developer xzjie. A code issue vulnerability exists in xzjie cms 1.0.3 and earlier versions; it stems from a problem with files/api/upload, where manipulation of the parameter uploadFile can lead to unrestricted...
Moodle < 3.5.18, 3.8.x < 3.8.9, 3.9.x < 3.9.7, 3.10.x < 3.10.4 Multiple Vulnerabilities (MSA-21-0013, MSA-21-0014, MSA-21-0015, MSA-21-0016)
Moodle is prone to multiple vulnerabilities. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-20202
A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is ...
Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory
Impact On Unix-like systems, the system's temporary directory is shared between all users on that system. A co-located user can observe the process of creating a temporary sub-directory in the shared temporary directory and race to complete the creation of the temporary sub-directory. This...
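Both temp-directory entries above (CVE-2021-20202 in Keycloak and the Generator Web Application advisory) describe the same race: a process creates a sub-directory with a guessable name in the shared system temp directory, and a co-located local user either pre-creates it or wins the race, ending up owning a directory the process then writes into with wide permissions. The Python below is an added example and not code from either project: insecure_workdir is the vulnerable pattern (fixed name, mode left to the umask, exist_ok=True), secure_workdir uses tempfile.mkdtemp (random name, mode 0700, atomic create), audit_dir is the check a hardening review would run, and simulate plays the attacker against a constructed throwaway stand-in for /tmp. The directory name app-cache and the 022 umask are assumptions for the demo.

```python
import os
import stat
import tempfile

PREDICTABLE_NAME = "app-cache"  # assumed: a fixed, guessable sub-directory name


def insecure_workdir(tmp_root):
    """Vulnerable pattern: guessable name, mode left to the umask (0755 under a
    022 umask) and exist_ok=True, so a directory another local user created
    first is silently adopted and whatever the process stores there is theirs
    to read."""
    path = os.path.join(tmp_root, PREDICTABLE_NAME)
    os.makedirs(path, exist_ok=True)
    return path


def secure_workdir(tmp_root):
    """Hardened pattern: tempfile.mkdtemp picks an unpredictable name and
    creates it atomically with mode 0700, so it can neither be pre-created nor
    read by a co-located user."""
    return tempfile.mkdtemp(prefix="app-", dir=tmp_root)


def audit_dir(path):
    """Review check: a real directory (not a symlink), owned by the current
    user, with no group or world permission bits set."""
    st = os.lstat(path)
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == os.getuid()
            and stat.S_IMODE(st.st_mode) & 0o077 == 0)


def simulate():
    """Play both sides on a constructed, private stand-in for /tmp: the
    'attacker' pre-creates the predictable directory world-accessible, then
    the 'application' sets up its work directory both ways. One user plays
    both roles here, so the audit fails on mode rather than on ownership."""
    tmp_root = tempfile.mkdtemp(prefix="shared-tmp-")
    old_umask = os.umask(0o022)          # assumed: the usual default umask
    try:
        attacker_dir = os.path.join(tmp_root, PREDICTABLE_NAME)
        os.mkdir(attacker_dir)
        os.chmod(attacker_dir, 0o777)    # attacker opens it up; chmod ignores the umask
        insecure = insecure_workdir(tmp_root)
        secure = secure_workdir(tmp_root)
    finally:
        os.umask(old_umask)
    return {
        "insecure_adopted_attacker_dir": insecure == attacker_dir,
        "insecure_mode": stat.S_IMODE(os.stat(insecure).st_mode),
        "insecure_passes_audit": audit_dir(insecure),
        "secure_mode": stat.S_IMODE(os.stat(secure).st_mode),
        "secure_passes_audit": audit_dir(secure),
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        shown = oct(value) if isinstance(value, int) and not isinstance(value, bool) else value
        print("%-30s %s" % (key, shown))
```

The same audit applies to any directory a service keeps under the shared temp root: if the name is predictable, the mode is inherited from the umask, or the code tolerates a pre-existing directory, a local user can arrange to own it before the service does.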
CVE-2020-12146
In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the /debugFiles REST API...
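The path traversal entries above (Langchain-Chatchat /v1/files, the M-Files API and Silver Peak /debugFiles) all come down to a file API joining a client-supplied name onto a storage root without confining the result. The following Python is an added example and not code from any of those products: unsafe_resolve shows the vulnerable join, safe_resolve canonicalises with os.path.realpath and checks containment with os.path.commonpath, and run_demo exercises both against a constructed on-disk fixture (the names uploads, report.txt, secret.txt and link.txt are made up for the demo).

```python
import os
import tempfile
from pathlib import Path


def unsafe_resolve(base, requested):
    """Vulnerable pattern: join the client-supplied name onto the storage root.
    '../' segments walk out of the root, and an absolute path replaces it."""
    return os.path.join(base, requested)


def safe_resolve(base, requested):
    """Hardened pattern: canonicalise root and target (symlinks included) and
    require the target to be strictly inside the root."""
    root = os.path.realpath(base)
    target = os.path.realpath(os.path.join(root, requested))
    if target == root or os.path.commonpath([root, target]) != root:
        raise PermissionError("path traversal rejected: %r" % requested)
    return target


def build_fixture():
    """Constructed fixture (not real data): an uploads root holding one public
    file, a secret one level above it, and, where the OS allows, a symlink
    inside the root that points at the secret."""
    top = tempfile.mkdtemp(prefix="traversal-demo-")
    root = os.path.join(top, "uploads")
    os.mkdir(root)
    Path(root, "report.txt").write_text("public report\n")
    Path(top, "secret.txt").write_text("db_password=example\n")
    try:
        os.symlink(os.path.join(top, "secret.txt"), os.path.join(root, "link.txt"))
        symlinked = True
    except (OSError, NotImplementedError):
        symlinked = False
    return root, symlinked


def probe(root, requested):
    """Feed one client-supplied name to both resolvers: does the naive join
    leave the root, and does the containment check reject it?"""
    real_root = os.path.realpath(root)
    naive = os.path.realpath(unsafe_resolve(root, requested))
    result = {
        "unsafe_escapes": os.path.commonpath([real_root, naive]) != real_root,
    }
    try:
        result["safe_target"] = safe_resolve(root, requested)
        result["safe_rejected"] = False
    except PermissionError:
        result["safe_target"] = None
        result["safe_rejected"] = True
    return result


def run_demo():
    """Probe a benign name, a dot-dot traversal, an absolute path and, when the
    fixture could create it, a symlink that points outside the root."""
    root, symlinked = build_fixture()
    names = ["report.txt", "../secret.txt", "/etc/passwd"]
    if symlinked:
        names.append("link.txt")
    return {name: probe(root, name) for name in names}


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print("%-16s naive join escapes root: %-5s  check rejects: %s"
              % (name, outcome["unsafe_escapes"], outcome["safe_rejected"]))
```

The symlink case is why the check works on realpath output rather than on the string: a name with no dots at all can still resolve outside the root once links are followed, and a prefix comparison on the un-canonicalised path would pass it.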
Cross site scripting
An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files API...
CVE-2020-13328
CVE-2020-13328 affects GitLab versions prior to 13.1.2, 13.0.8, and 12.10.13 and is described as a stored XSS vulnerability caused by the PyPi files API. The connected sources confirm the affected version ranges and the XSS class of vulnerability but do not provide additional technical details ab...
CVE-2020-13328
Removed by vendor...