Audiobookshelf 路径遍历漏洞

Audiobookshelf is an open-source, self-hosted server for audio books and podcasts. Versions of Audiobookshelf prior to 2.32.2 had a path traversal vulnerability. This vulnerability stemmed from the use of String StartsWith for path validation, allowing authenticated users to detect the existence ...

CVE-2021-47949

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...

CVE-2021-47949 CyberPanel 2.1 Authenticated Remote Code Execution via Symlink Attack

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...

Missing Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization via the createfolder process. An attacker can create unauthorized folders in another user's account, potentially flooding the victim's folder tree or planting phishing content, by...

GHSA-HR43-RJMR-7WMM Open WebUI's Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts

Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts Affected Component Folder creation endpoint and form model: - backend/openwebui/models/folders.py lines 72-77, FolderForm with extra='allow' - backend/openwebui/models/folders.py lines 95-106,...

Open WebUI's Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts

Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts Affected Component Folder creation endpoint and form model: - backend/openwebui/models/folders.py lines 72-77, FolderForm with extra='allow' - backend/openwebui/models/folders.py lines 95-106,...

CVE-2026-41587 CI4MS: Unrestricted PHP File Upload via Theme Installation Leads to Authenticated Remote Code Execution

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated backend user with theme-upload permission to achieve remo...

GHSA-GH9P-Q46P-57G2 phpMyFAQ: Path Traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins

Summary Client::deleteClientFolder in phpmyfaq/src/phpMyFAQ/Instance/Client.php:583 takes a URL from the caller, strips the https:// prefix, and passes the remainder to Filesystem::deleteDirectory relative to the multisite clientFolder. No path-traversal validation runs. An admin with the...

Directory Traversal

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Directory Traversal in the deleteClientFolder process. An attacker can delete arbitrary directories on the server by submitting a crafted URL containing...

Directory Traversal

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Directory Traversal in the deleteClientFolder process. An attacker can delete arbitrary directories on the server by submitting a crafted URL containing...

phpMyFAQ: Path Traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins

Summary Client::deleteClientFolder in phpmyfaq/src/phpMyFAQ/Instance/Client.php:583 takes a URL from the caller, strips the https:// prefix, and passes the remainder to Filesystem::deleteDirectory relative to the multisite clientFolder. No path-traversal validation runs. An admin with the...

GHSA-33M5-HQP9-97PW Craft CMS's Missing Volume Permission Check in AssetsController::actionShowInFolder Allows Information Disclosure

Summary AssetsController::actionShowInFolder fetches an asset by ID and returns its filename and complete folder hierarchy including volume handle, volume UID, folder names, folder UIDs, and folder URI paths without checking whether the requesting user has viewAssets or viewPeerAssets permission ...

Craft CMS's Missing Volume Permission Check in AssetsController::actionShowInFolder Allows Information Disclosure

Summary AssetsController::actionShowInFolder fetches an asset by ID and returns its filename and complete folder hierarchy including volume handle, volume UID, folder names, folder UIDs, and folder URI paths without checking whether the requesting user has viewAssets or viewPeerAssets permission ...

GHSA-3GMF-P6R4-Q8M6 Apache Wicket has a Path Traversal issue

FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...

Directory Traversal

Overview org.apache.wicket:wicket-core is a Java web application framework that takes simplicity, separation of concerns and ease of development to a whole new level. Wicket pages can be mocked up, previewed and later revised using standard WYSIWYG HTML design tools. Dynamic content processing an...

PT-2026-37432

Name of the Vulnerable Software and Affected Versions Apache Wicket versions 8.0.0 through 8.17.0 Apache Wicket versions 9.0.0 through 9.22.0 Apache Wicket versions 10.0.0 through 10.8.0 Description FolderUploadsFileManager fails to validate or sanitize the uploadFieldId parameter or the...

PT-2026-37568

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the hfs component where the use of BUG ON to detect overflows in next id, folder count, and file count within the super block info can be triggered if the MDB Master...

PT-2026-38287

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.17 Description The actionShowInFolder function within the AssetsController fetches an asset by ID and returns its filename and complete folder hierarchy, including volume handle, volume UID, folder name...

GHSA-838G-GR43-QQG9 PyLoad vulnerable to Path Traversal via Package Folder Name in set_package_data

Summary No sanitization of package folder name allows writing files anywhere outside the intended download directory. Affected Component - src/pyload/core/api/init.py - Function: setpackagedata Details When passing a folder name in the setpackagedata API function call inside the data object with...

Directory Traversal

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Directory Traversal via the setpackagedata function. An attacker can overwrite or create files in arbitrary directories by supplying crafted values to the...