671 matches found

OSV
added 2025/09/25 3:30 p.m., 2 views

GHSA-8X9J-2P8R-7XC6 ml-logger has path traversal in the file argument

A vulnerability was identified in geyang ml-logger 0.10.36 and prior. Affected by this vulnerability is the function loghandler of the file mllogger/server.py. Such manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit is publicly...

7.3 CVSS | 7 AI score | 0.00068 EPSS
Exploits: 0 | References: 6

OSV
added 2025/09/25 3:16 p.m., 3 views

CVE-2025-10951

A vulnerability was identified in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this vulnerability is the function loghandler of the file mllogger/server.py. Such manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely...

6.9 CVSS | 5.6 AI score
Exploits: 0 | References: 4

NVD
added 2025/09/25 3:16 p.m., 2 views

CVE-2025-10950

A vulnerability was determined in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected is the function loghandler of the file mllogger/server.py of the component Ping Handler. This manipulation of the argument data causes deserialization. It is possible to initiate the attack...

6.5 CVSS | 0.00089 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2025/09/25 3:2 p.m., 1 view

CVE-2025-10951 geyang ml-logger server.py log_handler path traversal

A vulnerability was identified in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this vulnerability is the function loghandler of the file mllogger/server.py. Such manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely...

7.5 CVSS | 6.6 AI score | 0.00068 EPSS
Exploits: 0 | References: 4

CNNVD
added 2025/09/25 12:0 a.m., 3 views

VLA-RL code issue vulnerability

VLA-RL is a visual language action model by the individual developer of lgx. A code issue vulnerability exists in VLA-RL, which stems from misuse of the parameter Message in the file experiments/robot/bridge/reasoningserver.py, which could lead to a deserialization attack...

6.5 CVSS | 6.6 AI score | 0.00089 EPSS
Exploits: 0 | References: 5

Positive Technologies
added 2025/09/25 12:0 a.m., 2 views

PT-2025-39448

Name of the Vulnerable Software and Affected Versions: LazyAGI LazyLLM versions prior to 0.6.2 Description: A security issue has been identified in LazyAGI LazyLLM. This concerns the deserialization of data within the lazyllm call function located in the lazyllm/components/deploy/relay/server.py...

6.5 CVSS | 6.3 AI score | 0.00077 EPSS
Exploits: 0 | References: 7

CNNVD
added 2025/09/25 12:0 a.m., 2 views

ML-Logger path traversal vulnerability

ML-Logger is a logger, server and visualization dashboard for machine learning projects by Ge Yang Personal Developer. A path traversal vulnerability exists in ML-Logger acf255bade5be6ad88d90735c8367b28cbe3a743 and prior versions, which stems from a misbehavior of the loghandler function in the...

7.5 CVSS | 7.3 AI score | 0.00068 EPSS
Exploits: 0 | References: 4

CNNVD
added 2025/09/25 12:0 a.m., 1 view

ML-Logger access control error vulnerability

ML-Logger is a logger, server and visualization dashboard for machine learning projects by Ge Yang Personal Developer. An access control error vulnerability exists in ML-Logger acf255bade5be6ad88d90735c8367b28cbe3a743 and prior versions, which stems from an incorrect manipulation of the parameter...

6.9 CVSS | 5.1 AI score | 0.00042 EPSS
Exploits: 0 | References: 4

GitHub Security Blog
added 2025/09/18 9:31 a.m., 3 views

InvokeAI has External Control of File Name or Path

Path Traversal Vulnerability in InvokeAI: A path traversal vulnerability in InvokeAI versions 6.7.0 allows an unauthenticated remote attacker to read files outside the intended media directory via the bulk downloads API. The endpoint accepts a user-controlled file/item name and concatenates it int...

9.8 CVSS | 9.2 AI score | 0.00112 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2025/09/18 9:15 a.m., 2 views

CVE-2025-6237

A vulnerability in invokeai version v6.0.0a1 and below allows attackers to perform path traversal and arbitrary file deletion via the GET /api/v1/images/download/bulkdownloaditemname endpoint. By manipulating the filename arguments, attackers can read and delete any files on the server, including...

9.8 CVSS | 0.00112 EPSS
Exploits: 0 | References: 1

Snyk
added 2025/09/12 2:41 p.m., 1 view

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the gonja template parsing process. An attacker can access arbitrary files on the server by injecting malicious template statements into prompts. Allowing an attacker to insert a statement into a prompt to...

9.8 CVSS | 7.3 AI score | 0.00115 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2025/09/10 11:17 p.m., 2 views

CVE-2025-58751

A path traversal vulnerability has been identified in Vite’s static file serving logic, where files outside of the intended public directory may be served if their names share the same prefix or if symlinks are used to traverse upwards in the filesystem. An attacker could exploit this by placing ...

5.3 CVSS | 6.4 AI score | 0.01434 EPSS
Exploits: 1 | References: 9

Positive Technologies
added 2025/09/08 12:0 a.m., 2 views

PT-2025-36528

Name of the Vulnerable Software and Affected Versions: Vite versions prior to 7.1.5 Vite versions prior to 7.0.7 Vite versions prior to 6.3.6 Vite versions prior to 5.4.20 Description: Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files...

5.3 CVSS | 6.3 AI score | 0.01434 EPSS
Exploits: 1 | References: 15

RedhatCVE
added 2025/08/30 6:20 p.m., 3 views

CVE-2025-55526

n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the downloadworkflow function within apiserver.py...

9.1 CVSS | 9.2 AI score | 0.0101 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/08/30 6:19 p.m., 2 views

CVE-2025-9418

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /owner/addowner.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed...

9.8 CVSS | 7.3 AI score | 0.00066 EPSS
Exploits: 1 | References: 1

Tenable Nessus
added 2025/08/30 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-6799

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an...

5.9 CVSS | 6.5 AI score | 0.76961 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-22201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server...

9.6 CVSS | 6.9 AI score | 0.0899 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2025/08/25 9:23 a.m., 1 view

CVE-2025-8562 Custom Query Shortcode <= 0.4.0 - Authenticated (Contributor+) Path Traversal via lens Parameter

The Custom Query Shortcode plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.4.0 via the 'lens' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of files on the server, which can...

6.5 CVSS | 6 AI score | 0.00123 EPSS
Exploits: 0 | References: 5

CVE
added 2025/08/25 9:23 a.m., 17 views

CVE-2025-8562

CVE-2025-8562 refers to a path traversal vulnerability in the WordPress plugin Custom Query Shortcode (versions

6.5 CVSS | 6 AI score | 0.00123 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2025/08/25 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2019-7283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp...

7.4 CVSS | 7 AI score | 0.00232 EPSS
Exploits: 1 | References: 2