mPDF 8.1.0 Server-Side Request Forgery / Local File Disclosure / DoS
mPDF version 8.1.0 is vulnerable to multiple security issues related to unsafe handling of external resources, file paths, and image content during HTML-to-PDF rendering. When untrusted or partially trusted HTML input is processed, attackers may exploit insufficient validation to trigger...
EUVD-2019-9833
Malware in sbrugna...
EUVD-2012-5061
Malware in sbrugna...
CVE-2025-58769 auth0-PHP: Improper File Type Handling in Bulk User Import
auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths o...
MoneyPrinterTurbo Path Traversal Vulnerability
MoneyPrinterTurbo is software by the individual developer Harry that generates short HD videos using large AI models. A path traversal vulnerability exists in MoneyPrinterTurbo 1.2.6 and earlier versions, which stems from improper use of the filepath parameter in the file app/controllers/v1/video.py,...
Sim Studio Security Vulnerability
Sim Studio is an open-source AI agent workflow builder from Sim Studio. A security vulnerability exists in Sim Studio 0.1.17 and earlier versions. It stems from improper handling of the filePath parameter in the file apps/sim/app/api/files/parse/route.ts, which could lead to path traversal...
CVE-2025-32802 Insecure handling of file paths allows multiple local attacks
Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...
CVE-2023-2288
The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP 8.0 using the phar:// stream wrapper...
CVE-2019-1268
An elevation of privilege exists when Winlogon does not properly handle file path information, aka 'Winlogon Elevation of Privilege Vulnerability'...
Alibaba Cloud Linux 3 : 0241: container-tools:rhel8 (ALINUX3-SA-2024:0241)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0241 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-9341: A flaw was found in Go. Whe...
CVE-2025-27920
Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...
CLSA-2025-1746188134 buildah: Fix of CVE-2024-9341
CVE-2024-9341: fix insecure handling of file paths inside vendored c/common...
Serosoft Solutions Academia Student Information System EagleR Security Vulnerability
Serosoft Solutions Academia Student Information System EagleR is a student information system from Serosoft Solutions, India. A security vulnerability exists in Serosoft Solutions Academia Student Information System EagleR version 1.0.118, which stems from improper manipulation of the file path...
Vulnerability in the NTLM Hash component of the Windows operating system that allows an attacker to perform spoofing attacks
The vulnerability in the NTLM Hash component of the Windows operating system is related to external control of file names or file paths. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...
Vulnerability in the PAN-OS operating system, related to external control of file names or file paths, that allows attackers to compromise the confidentiality of protected information
The vulnerability in the PAN-OS operating system is related to external control of file names or file paths. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality of protected information...
TCS BaNCS Security Vulnerability
TCS BaNCS (Tata Consultancy Services BaNCS) is a core banking software suite from TCS Corporation. A security vulnerability exists in TCS BaNCS version 10, which stems from incorrect handling of the FilePath parameter that can result in file inclusion...
Directory Traversal
Gradio is vulnerable to Directory Traversal. The vulnerability is due to improper file path handling in the /customcomponent endpoint, allowing attackers to access source code from custom components by manipulating the file path...
Arbitrary Code Execution
github.com/liamg/gitjacker is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper handling of file paths, allowing directory traversal with a crafted .git directory...