702 matches found
MobSF - Path Traversal
MobSF is vulnerable to an issue with apktool CVE-2024-21633 that allows for RCE or arbitrary file writing. It does this through a path traversal vulnerability. This template tests for it by writing to a local file and reading that file. RCE can be achieved by overwriting jadx, as shown in the two...
Directory Traversal
Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
Dokploy 安全漏洞
Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.5 contain security vulnerabilities. These vulnerabilities stem from path traversal during the application deployment process, which allows authenticated users to write arbitrary files on the file...
PT-2026-41686
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A malicious input file can cause an out-of-bounds read of a single byte when writing an IPTC output file. An out-of-bounds read occurs when a program reads data...
Casdoor 安全漏洞
Casdoor is an open-source platform developed by Casdoor, which supports various authentication and authorization protocols. There is a security vulnerability in Casdoor, caused by insufficient path cleaning. This vulnerability could allow authenticated attackers with administrator privileges to...
PPTAgent 路径遍历漏洞
PPTAgent is an open-source intelligent presentation generation tool based on large models developed by ICIP-CAS. Previous versions of PPTAgent, such as 418491a, contained a path traversal vulnerability. This vulnerability stemmed from issues with the markdowntabletoimage function, which could lea...
Cockpit 路径遍历漏洞
Cockpit is an interactive server management interface developed by Cockpit OpenSource. Versions of Cockpit 2.13.5 and earlier had a path traversal vulnerability, which was caused by directory traversal in the Buckets component. This vulnerability could lead to arbitrary file writing...
Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix
Summary A path traversal vulnerability in LocalFolderExtractor allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Example Given an extraction directory set to /tmp/extract, a crafted archive with an entry...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the helm pull --untar chart URL | repo/chartname command. An attacker can cause files to be written to unintended directories, potentially overwriting existing files or placing malicious files in accessible...
Directory Traversal
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the downloadURLgifimage parameter in the GIF poster upload process. An attacker can access and disclose arbitrary server-local files by...
PraisonAI 路径遍历漏洞
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 1.5.113 contained a path traversal vulnerability. This vulnerability stemmed from the template installation feature’s use of Zip Slip for arbitrary file writing. When downloadin...
LibreChat 路径遍历漏洞
LibreChat is an open-source, free, and highly customizable unified AI dialogue platform. It allows for the aggregation and running of large models from any vendor within a single interface. Prior to LibreChat 0.8.4, there was a path traversal vulnerability. This vulnerability stemmed from trustin...
Group Office 代码问题漏洞
Group Office is a modular office suite developed by the Dutch company Group Office. Versions of Group Office prior to 6.8.156, 25.0.90, and 26.0.12 contained code vulnerabilities. These vulnerabilities stemmed from insecure deserialization in the AbstractSettingsCollection model, which could allo...
Langflow 访问控制错误漏洞
Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow from 1.2.0 to 1.8.1 contain access control vulnerability issues. This vulnerability stems from the lack of boundary checks at the underlying storage layer,...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the git resolver process. An attacker can access arbitrary files on the resolver pod by supplying crafted path input. Details A Directory Traversal attack also known as path traversal aims to access files and...
Pegasystems Pega Robot Studio 安全漏洞
Pegasystems Pega Robot Studio is an RPA Robotic Process Automation integration development environment provided by Pegasystems Corporation in the United States. There is a security vulnerability in Pegasystems Pega Robot Studio. This vulnerability stems from the possibility of arbitrary file...
Stirling-PDF 安全漏洞
Stirling-PDF is a powerful, locally hosted web-based PDF manipulation tool developed by Stirling Tools and open source using Docker. Versions of Stirling-PDF prior to 2.5.2 contained a security vulnerability due to the lack of path checking in the/api/v1/convert/markdown/pdf endpoint, which could...
ApostropheCMS 路径遍历漏洞
ApostropheCMS is a full-stack content management system open source by Apostrophe Technologies. Versions of ApostropheCMS prior to 3.5.3 had a path traversal vulnerability. This vulnerability stemmed from unparsed sections of path connections, which could lead to arbitrary file writing...
vaadin 安全漏洞
Vaadin is an open-source platform for web application development developed by Vaadin contributors. The Vaadin platform includes a set of web components, a Java web framework, as well as a set of tools and application starters. Vulnerabilities exist in Vaadin versions 14.14.0 and earlier, 23.6.6...
OESA-2026-1488 hsqldb security update
HSQLdb is a relational database engine written in JavaTM , with a JDBC driver, supporting a subset of ANSI-92 SQL. It offers a small about 100k, fast database engine which offers both in memory and disk based tables. Embedded and server modes are available. Additionally, it includes tools such as...