
12 matches found

PyPA
added 2026/01/12 5:15 p.m. | 6 views

PYSEC-2026-90

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PU...

CVSS 9.1 | AI score 5.9 | EPSS 0.00353
Exploits: 2 | References: 2 | Affected Software: 1
OSV
added 2026/01/12 5:15 p.m. | 6 views

PYSEC-2026-90

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PU...

CVSS 9.1 | AI score 5.9 | EPSS 0.00353
Exploits: 2 | References: 2
Vulnrichment
added 2026/01/12 4:53 p.m. | 3 views

CVE-2025-68472 MindsDB has improper sanitation of filepath that leads to information disclosure and DOS

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PU...

CVSS 8.1 | AI score 6.6 | EPSS 0.00353
Exploits: 2 | References: 1
Positive Technologies
added 2026/01/12 12:0 a.m. | 3 views

PT-2026-2279

Name of the Vulnerable Software and Affected Versions: MindsDB versions prior to 25.11.1. Description: MindsDB is a platform for building artificial intelligence from enterprise data. An unauthenticated path traversal exists in the file upload API for versions prior to 25.11.1, allowing any caller t...

CVSS 9.1 | AI score 6.6 | EPSS 0.00353
Exploits: 2 | References: 14
OSV
added 2025/10/01 3:10 p.m. | 5 views

BIT-GITLAB-2025-10858 Allocation of Resources Without Limits or Throttling in GitLab

An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service (DoS) condition while uploading specifically crafted large JSON files...

CVSS 7.5 | AI score 7 | EPSS 0.00096
Exploits: 0 | References: 2
NVD
added 2025/09/26 9:15 a.m. | 1 views

CVE-2025-10858

An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service (DoS) condition while uploading specifically crafted large JSON files...

CVSS 7.5 | EPSS 0.00096
Exploits: 0 | References: 1
Debian CVE
added 2025/09/26 9:4 a.m. | 4 views

CVE-2025-10858

Removed by vendor...

CVSS 7.5 | AI score 7.5 | EPSS 0.00096
Exploits: 0
CVE
added 2025/09/26 9:4 a.m. | 16 views

CVE-2025-10858

GitLab CE/EE vulnerable to unauthenticated DoS when uploading specially crafted large JSON files. Affected branches: all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Impact is Denial of Service (availability impact). CVSS 3.1 base score 7.5 (HIGH) with network attack vector...

CVSS 7.5 | AI score 6.5 | EPSS 0.00096
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2025/09/26 12:0 a.m. | 5 views

PT-2025-39622

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 18.2.7; GitLab CE/EE versions 18.3 through 18.3.2; GitLab CE/EE versions 18.4 through 18.4.0. Description: An issue exists that allows unauthenticated users to cause a Denial of Service (DoS) condition by uploading...

CVSS 7.5 | AI score 6.7 | EPSS 0.00096
Exploits: 0 | References: 10
CNVD
added 2025/03/27 12:0 a.m. | 5 views

ChuanhuChatGPT File Containment Vulnerability

ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. A file inclusion vulnerability exists in ChuanhuChatGPT version d4ec6a3, which stems from the gr.JSON component not effectively filtering cal...

CVSS 6.5 | AI score 6.7 | EPSS 0.00214
Exploits: 1 | References: 1
VulnCheck KEV
added 2024/07/22 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2024-6828

The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the ReduxColorSchemeImport function in versions 4.4.12 to 4.4.17. This makes it possible for unauthenticated attackers to upload JSON files, which...

CVSS 7.2 | AI score 5.8 | EPSS 0.03414
Exploits: 0 | References: 1
CNNVD
added 2022/10/11 12:0 a.m. | 4 views

WordPress plugin Profile Builder Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS 4.3 | AI score 5 | EPSS 0.00329
Exploits: 0 | References: 3