330 matches found
CVE-2024-8524
A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint...
PYSEC-2025-93
gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue CVE-2024-4941. This vulnerability allows unauthenticated users to access arbitrary files on the server by uploading a speciall...
CVE-2024-8524 Directory Traversal in modelscope/agentscope
A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint...
CVE-2024-8524
CVE-2024-8524 concerns modelscope/agentscope v0.0.4, where a directory traversal vulnerability allows an attacker to read arbitrary local JSON files via a crafted POST to the /read-examples endpoint. Affected component: agentscope (Python package) in the modelscope project; vulnerability arises f...
CVE-2024-10707 Local File Inclusion in gaizhenbiao/chuanhuchatgpt
gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue CVE-2024-4941. This vulnerability allows unauthenticated users to access arbitrary files on the server by uploading a speciall...
CVE-2024-10707
CVE-2024-10707 affects gaizhenbiao/chuanhuchatgpt (git d4ec6a3) and stems from a local file inclusion flaw in the gr.JSON component used by the Gradio-based UI, enabled by improper input validation in the handling of dataset selection. Several connected sources (CIRCL/CVE, GHSA, OSV, CNVD) corrob...
CVE-2024-7631
A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...
CVE-2024-7631 Openshift-console: openshift console: path traversal
A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...
CVE-2024-7631
OpenShift Console CVE-2024-7631 describes a path traversal flaw in the locales/resources.json endpoint where lng/ns are used to build a file path in pkg/plugins/handlers unsafely.go, allowing an authenticated user to read arbitrary JSON files on the console pod by using ../ sequences. Connected d...
Red Hat OpenShift Console path traversal vulnerability
Red Hat OpenShift Console is an OpenShift console from Red Hat, Inc. A path traversal vulnerability exists in Red Hat OpenShift Console that stems from an insecure file path construction, which could allow an authenticated user to retrieve an arbitrary JSON file on the console by manipulating the...
CVE-2024-10649
CVE-2024-10649 affects wandb/openui (commit c945bb859979659add5f490a874140ad17c56a5d). The vulnerability arises from unauthenticated endpoints that allow uploading and downloading files to an AWS S3 bucket via the /v1/share/{id:str} endpoints, enabling potential denial of service, stored XSS, and...
CVE-2024-6255
A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as config.json and dsconfigchatbot.json. This issue arises due to improper validation of file paths, enabling...
CVE-2024-6828
The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the ReduxColorSchemeImport function in versions 4.4.12 to 4.4.17. This makes it possible for unauthenticated attackers to upload JSON files, which can ...
CVE-2024-11600
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.6.0 via the 'writeconfig' function. This is due to a lack of sanitization on an imported JSON file. This makes it...
CVE-2024-10965
A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The pat...
CVE-2024-10965 emqx neuron JSON File schema information disclosure
A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The pat...
CVE-2024-10965
Vulnerability summary (CVE-2024-10965): EMQX Neuron up to version 2.10.0 is affected by an information disclosure issue in the JSON File Handler, specifically the vulnerable function at /api/v2/schema. Exploitation is possible remotely through manipulation of this endpoint due to an unknown funct...
Neuron access control error vulnerability
Neuron is an Industrial Internet of Things (IIoT) connectivity server open-sourced by EMQ, used for modern Big Data and AI/ML technologies to harness the power of Industry 4.0. An Access Control Error vulnerability exists in Neuron version 2.10.0 and prior versions, which stems from an information...