4 matches found
CVE-2025-62382
CVE-2025-62382 affects Frigate (network video recorder for IP cameras). Before v0.16.2, the export workflow lets an authenticated operator nominate any filesystem path as the thumbnail source for a video export. The chosen path is copied verbatim into the publicly served clips directory, enabling...
Path Traversal
llama-index-core is vulnerable to Path Traversal. The vulnerability is due to insufficient sanitization of the imagepath parameter in the encodeimage function, allowing attackers to access arbitrary files on the server...
PYSEC-2025-65
A path traversal vulnerability exists in run-llama/llamaindex versions 0.12.27 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...
CVE-2014-1836
ImpressCMS 1.3.5 and earlier contain an absolute path traversal in htdocs/libraries/image-editor/image-edit.php via the image_path parameter in a cancel action, enabling remote attackers to delete arbitrary files. This is associated with CVE-2014-1836 and is documented in multiple advisories (GHS...