16 matches found
Path Traversal
Pyrofork is vulnerable to Path Traversal. The vulnerability is due to improper sanitization of filenames received from Telegram messages in the download_media method, which allows an attacker to supply a malicious filename via DocumentAttributeFilename and perform path traversal during file path...
CVE-2025-67720
Pyrofork is a modern, asynchronous MTProto API framework. Versions 2.3.68 and earlier do not properly sanitize filenames received from Telegram messages in the download_media method before using them in file path construction. When downloading media, if the user does not specify a custom filename...
Directory Traversal
Overview: pyrofork is a fork of pyrogram, an elegant, modern and asynchronous Telegram MTProto API framework in Python for users and bots. Affected versions of this package are vulnerable to Directory Traversal via the progress function in the download_media.py file. An attacker can overwrite or creat...
d4rktg (>=0.0.1 <=1.5.8), reposter (>=24.3.5 <=24.3.8) potentially affected by CVE-2025-67720 via pyrofork (>=2.3.45 <=2.3.68)
pyrofork PYPI version =2.3.45, =0.0.1, =24.3.5, =24.3.8 Source cves: CVE-2025-67720 Source advisory: SNYK:PYTHON-PYROFORK-14361685...
CVE-2025-67720
Pyrofork is a modern, asynchronous MTProto API framework. Versions 2.3.68 and earlier do not properly sanitize filenames received from Telegram messages in the download_media method before using them in file path construction. When downloading media, if the user does not specify a custom filename...
CVE-2025-67720 Pyrofork has a Path Traversal in download_media Method
Pyrofork is a modern, asynchronous MTProto API framework. Versions 2.3.68 and earlier do not properly sanitize filenames received from Telegram messages in the download_media method before using them in file path construction. When downloading media, if the user does not specify a custom filename...
CVE-2025-67720
CVE-2025-67720 affects Pyrofork, an asynchronous MTProto API framework for Python. The vulnerability occurs in the download_media path when a user-supplied Telegram filename is used to construct the target path without adequate sanitization. Versions 2.3.68 and earlier may fall back to the media’...
EUVD-2025-202593
Pyrofork is a modern, asynchronous MTProto API framework. Versions 2.3.68 and earlier do not properly sanitize filenames received from Telegram messages in the download_media method before using them in file path construction. When downloading media, if the user does not specify a custom filename...
CVE-2025-67720 Pyrofork has a Path Traversal in download_media Method
Pyrofork is a modern, asynchronous MTProto API framework. Versions 2.3.68 and earlier do not properly sanitize filenames received from Telegram messages in the download_media method before using them in file path construction. When downloading media, if the user does not specify a custom filename...
CVE-2025-67720 Pyrofork has a Path Traversal in download_media Method
Pyrofork is a modern, asynchronous MTProto API framework. Versions 2.3.68 and earlier do not properly sanitize filenames received from Telegram messages in the download_media method before using them in file path construction. When downloading media, if the user does not specify a custom filename...
pyrofork Path Traversal Vulnerability
pyrofork is an interface framework open-sourced by Mayuri-Chan. A path traversal vulnerability exists in pyrofork 2.3.68 and earlier versions, which stems from not properly cleaning up filenames and can lead to file path construction issues...
GHSA-6H2F-WJHF-4WJX Pyrofork has a Path Traversal in download_media Method
Summary: The download_media method in Pyrofork does not sanitize filenames received from Telegram messages before using them in file path construction. This allows a remote attacker to write files to arbitrary locations on the filesystem by sending a specially crafted document with path traversal...
d4rktg (>=0.0.1 <=1.5.8), reposter (>=24.3.5 <=24.3.8) potentially affected by CVE-2025-67720 via pyrofork (>=2.3.45 <=2.3.68)
pyrofork PYPI version =2.3.45, =0.0.1, =24.3.5, =24.3.8 Source cves: CVE-2025-67720 Source advisory: OSV:GHSA-6H2F-WJHF-4WJX...
Malicious code in pyrofork-dev (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-6572 Malicious code in pyrofork-dev (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in pyroforktgcrypto-pyrofork (PyPI)
--- -= Per source details. Do not edit below this line.=-...