
8 matches found

Vulnrichment
added 2025/05/27 3:27 p.m. · 11 views

CVE-2025-48370 auth-js Vulnerable to Insecure Path Routing from Malformed User Input

auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...

CVSS 6.9 · AI score 5.2 · EPSS 0.002
Exploits 0 · References 3
Cvelist
added 2025/05/27 3:27 p.m. · 17 views

CVE-2025-48370 auth-js Vulnerable to Insecure Path Routing from Malformed User Input

auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...

CVSS 6.9 · EPSS 0.002
Exploits 0 · References 3
Positive Technologies
added 2025/05/27 12:0 a.m. · 1 views

PT-2025-23011 · Auth-Js · Auth-Js

Name of the Vulnerable Software and Affected Versions: auth-js versions prior to 2.69.1
Description: The issue concerns the auth-js library, an isomorphic Javascript library for Supabase Auth. Prior to version 2.69.1, certain library functions such as getUserById, deleteUser, updateUserById,...

CVSS 6.9 · AI score 6.3 · EPSS 0.002
Exploits 0 · References 9
CVE
added 2025/01/07 3:33 p.m. · 75 views

CVE-2025-21622

CVE-2025-21622 affects ClipBucket V5. The issue arises in the avatar deletion workflow where avatar_url is treated as a file path within the avatars directory without validating path traversal sequences. The final $file variable can be tainted by traversal inputs stored in the DB, enabling deleti...

CVSS 9.1 · AI score 7.5 · EPSS 0.0127
Exploits 1 · References 2 · Affected Software 1
CNNVD
added 2024/05/14 12:0 a.m. · 1 views

Oceanic security vulnerability

Oceanic is a NodeJS library for interacting with Discord open-sourced by Oceanic. A security vulnerability exists in Oceanic versions prior to 1.10.4, which stems from uncleaned user input that may result in URL path traversal...

CVSS 6.5 · AI score 6.5 · EPSS 0.00233
Exploits 0 · References 4
CNNVD
added 2023/06/29 12:0 a.m. · 2 views

Gira KNX/IP-Router path traversal vulnerability

The Gira KNX/IP-Router is a secure router for public buildings from Gira. A security vulnerability exists in Gira KNX/IP-Router versions 3.1.3683.0 and 3.3.8.0, which stems from a vulnerability that allows an attacker to read sensitive files via a directory traversal sequence in a URL...

CVSS 7.5 · AI score 7.3 · EPSS 0.00129
Exploits 1 · References 3
Atlassian
added 2019/10/11 3:12 a.m. · 51 views

URL path traversal allows information disclosure - CVE-2019-15004

URL path traversal allows information disclosure - CVE-2019-15004 Severity Atlassian rates the severity level of this vulnerability as critical, according to the scale published in our Atlassian severity levels. The scale allows us to rank the severity as critical, high, moderate or low. This is...

CVSS 7.5 · AI score 1.4 · EPSS 0.04393
Exploits 0 · Affected Software 1
Atlassian
added 2019/10/11 3:12 a.m. · 35 views

URL path traversal allows information disclosure - CVE-2019-15004

URL path traversal allows information disclosure - CVE-2019-15004 Severity Atlassian rates the severity level of this vulnerability as critical, according to the scale published in our Atlassian severity levels. The scale allows us to rank the severity as critical, high, moderate or low. This is...

CVSS 7.5 · AI score 1.4 · EPSS 0.04393
Exploits 0