700 matches found
CVE-2024-6331
stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. The integration of Google Gemini 1.0 Pro with HarmBlockThreshold.BLOCK_NONE for HarmCategory.HARM_CATEGORY_HATE_SPEECH and HarmCategory.HARM_CATEGORY_HARASSMENT i...
DEBIAN-CVE-2024-45598
Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the Poller Standard Error Log Path parameter in either Installation Step 5 or in Configuration-Settings-Paths tab to a local file inside the server. Then simply going to Logs tab and...
CVE-2025-23012
Fedora Repository 3.8.x includes a service account fedoraIntCallUser with default credentials and privileges to read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version 6.5.1 as of...
Local File Read (LFR)
changedetectionio is vulnerable to Local File Read (LFR). The vulnerability is due to improper input validation, which allows attackers to exploit user input to construct file paths without adequate sanitization...
AnyDesk Backlink Vulnerability
AnyDesk is a remote desktop connection software from AnyDesk, a German company. AnyDesk suffers from a backlink vulnerability that originates from a flaw in the background image processing, which can be exploited by a local attacker to read arbitrary files and disclose sensitive information...
GHSA-J5VV-6WJG-CFR8 changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal
Summary Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is used to construct file paths without adequate sanitization or validation. For example, using file:../../../etc/passwd o...
changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal
Summary Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is used to construct file paths without adequate sanitization or validation. For example, using file:../../../etc/passwd o...
CVE-2024-56509
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is...
CVE-2024-56509 changedetection.io has Improper Input Validation Leading to LFR/Path Traversal
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is...
CVE-2024-56509
CVE-2024-56509 affects changedetection.io. The issue is improper input validation that enables local file read (LFR) or path traversal when user-supplied input is used to build file paths (e.g., file:../../../etc/passwd). The vulnerability is triggered via URLs processed by the application and is...
PT-2024-36824 · Unknown · Changedetection.Io
Name of the Vulnerable Software and Affected Versions: changedetection.io versions prior to 0.48.05 Description: The issue is related to improper input validation in the application, which can allow attackers to perform local file read (LFR) or path traversal attacks. These attacks occur when user...
JetBrains TeamCity Code Issue Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A code issue vulnerability exists in JetBrains...
PT-2024-18960 · Spatie · Spatie/Browsershot
Name of the Vulnerable Software and Affected Versions: spatie/browsershot versions prior to 5.0.3 Description: The issue is related to improper input validation due to incorrect URL validation through the setUrl method. An attacker can exploit this by utilizing view-source:file://, allowing for...
PT-2024-36794 · Unknown · Uptime Kuma
Name of the Vulnerable Software and Affected Versions: Uptime Kuma versions prior to 1.23.16 Description: An Improper URL Handling issue allows an attacker to access sensitive local files on the server by exploiting the file:/// protocol. This issue is triggered via the "real-browser" request typ...
Improper Input Validation
Overview spatie/browsershot is a library for converting a webpage to an image or pdf using headless Chrome. Affected versions of this package are vulnerable to Improper Input Validation due to improper URL validation in the setUrl method. An attacker can exploit this vulnerability by utilizing...
SolarWinds Web Help Desk < 12.8.4 Multiple Vulnerabilities
The version of SolarWinds Web Help Desk installed on the remote host is prior to 12.8.4. It is, therefore, affected by multiple vulnerabilities as referenced in the 12.8.4 release notes. - Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not...
CVE-2024-55550
Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access...