CVE-2025-62382 Frigate Vulnerable to Arbitrary File Read via Export Thumbnail "image_path" parameter

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to 0.16.2, Frigate's export workflow allows an authenticated operator to nominate any filesystem location as the thumbnail source for a video export. Because that path is copied verbatim into the...

CVE-2023-5120

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...

PT-2024-20543 · Unknown · Casaos-Userservice

Name of the Vulnerable Software and Affected Versions: CasaOS-UserService versions prior to 0.4.7 Description: The issue concerns a path traversal vulnerability in the UserService API, which allows an unauthorized actor to access any file on the system due to insufficient path filtering for user...

CVE-2023-5120

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...

GHSA-WCJ4-FF9M-5R7G ImpressCMS Path Traversal to Arbitrary File Delete

Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the imagepath parameter in a cancel action...