54 matches found
CVE-2025-11607
A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function uploadmusic of the file app/controllers/v1/music.py of the component API Endpoint. Executing a manipulation of the argument File can lead to path traversal. The attack may be performed...
CVE-2025-11607
A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function uploadmusic of the file app/controllers/v1/music.py of the component API Endpoint. Executing a manipulation of the argument File can lead to path traversal. The attack may be performed...
CVE-2025-11607 harry0703 MoneyPrinterTurbo API Endpoint music.py upload_music path traversal
A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function uploadmusic of the file app/controllers/v1/music.py of the component API Endpoint. Executing a manipulation of the argument File can lead to path traversal. The attack may be performed...
CVE-2025-11607
The CVE-2025-11607 entry affects harry0703 MoneyPrinterTurbo up to 1.2.6, specifically the upload_music function in app/controllers/v1/music.py of the API Endpoint. The vulnerability arises from path traversal via manipulation of the File argument, enabling remote exploitation. Multiple connected...
CVE-2025-11607 harry0703 MoneyPrinterTurbo API Endpoint music.py upload_music path traversal
A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function uploadmusic of the file app/controllers/v1/music.py of the component API Endpoint. Executing a manipulation of the argument File can lead to path traversal. The attack may be performed...
CVE-2025-11607
A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function uploadmusic of the file app/controllers/v1/music.py of the component API Endpoint. Executing a manipulation of the argument File can lead to path traversal. The attack may be performed...
MoneyPrinterTurbo 路径遍历漏洞
MoneyPrinterTurbo is a software by Harry's personal developer that generates short HD videos using AI macromodels. A path traversal vulnerability exists in MoneyPrinterTurbo 1.2.6 and earlier versions, which stems from misuse of the API endpoint component parameter File in the file...
PT-2025-41693
Name of the Vulnerable Software and Affected Versions harry0703 MoneyPrinterTurbo versions through 1.2.6 Description A flaw exists in the upload music function within the app/controllers/v1/music.py file of the API Endpoint component. Manipulation of the File argument can result in path traversal...
EUVD-2025-22024
Malicious code in bioql PyPI...
EUVD-2025-29212
Malicious code in bioql PyPI...
EUVD-2025-22020
Malicious code in bioql PyPI...
EUVD-2025-29232
Malicious code in bioql PyPI...
EUVD-2025-22019
Malicious code in bioql PyPI...
CVE-2025-10472
A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function downloadvideo/streamvideo of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument filepath leads to path traversal. The attack can be...
CVE-2025-49089
wangxutech MoneyPrinterTurbo 1.2.6 allows path traversal via /api/v1/download/ URIs such as /api/v1/download//etc/passwd...
CVE-2025-10472
A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function downloadvideo/streamvideo of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument filepath leads to path traversal. The attack can be...
CVE-2025-10472
A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function downloadvideo/streamvideo of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument filepath leads to path traversal. The attack can be...
CVE-2025-10472 harry0703 MoneyPrinterTurbo URL video.py stream_video path traversal
A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function downloadvideo/streamvideo of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument filepath leads to path traversal. The attack can be...
CVE-2025-10472
MoneyPrinterTurbo (harry0703) vulnerable up to 1.2.6 due to path traversal in the URL Handler’s video download/stream logic. Affected: download_video/stream_video in app/controllers/v1/video.py; parameter file_path can be manipulated to traverse paths. Exploit is remote and publicly disclosed. Mi...
CVE-2025-49089
wangxutech MoneyPrinterTurbo 1.2.6 allows path traversal via /api/v1/download/ URIs such as /api/v1/download//etc/passwd...