10 matches found
CVE-2026-8115
A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The...
Directory Traversal
Overview short-video-maker is a Creates short videos for TikTok, Instagram Reels, and YouTube Shorts using the Model Context Protocol MCP and a REST API. Affected versions of this package are vulnerable to Directory Traversal via the req.params.tmpFile parameter in the REST API. An attacker can...
NPM: short-video-maker has a path traversal vulnerability
NPM: short-video-maker has a path traversal vulnerability discovered by ? in WordPress Npm short-video-maker versions = 1.3.4...
GHSA-935G-9RQ5-Q95C short-video-maker has a path traversal vulnerability
A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The...
short-video-maker has a path traversal vulnerability
A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The...
CVE-2026-8115 gyoridavid short-video-maker REST API rest.ts path traversal
A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The...
CVE-2026-8115
A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The...
CVE-2026-8115 gyoridavid short-video-maker REST API rest.ts path traversal
A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The...
CVE-2026-8115
CVE-2026-8115 affects gyoridavid short-video-maker (up to v1.3.4). The vulnerability is in the REST API component, specifically the file path src/server/routers/rest.ts. An input manipulation of req.params.tmpFile enables path traversal, with remote exploitation possible. Public exploit exists. T...
Short Video Maker 路径遍历漏洞
Short Video Maker is an automated short video generation tool developed by David Gyori. Versions of Short Video Maker 1.3.4 and earlier had a path traversal vulnerability. This vulnerability stemmed from the paramics.tmpFile operation in the REST API component, allowing for path traversal and...