Lucene search

716 matches found

Positive Technologies
added 2025/05/13 12:00 a.m.

PT-2025-23172 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.178. Description: The issue is related to insufficient validation of user input in the php path parameter, allowing code injection. This occurs because backtick and tab characters are not removed from us...

CVSS 9, AI score 6.8, EPSS 0.0077
Exploits: 1, References: 13
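The FreeScout entry above describes a php path value that reaches a shell without backticks or tabs being stripped. What follows is an added example in Python, not FreeScout's code: it puts the unsafe string-building pattern beside an allowlist check and an argument-vector form that never hands the value to a shell, plus shell quoting as the fallback when a shell string is unavoidable. The allowlist pattern, the `artisan queue:work` command, the sample injected value and the function names are assumptions for illustration.

```python
import re
import shlex

# Hypothetical allowlist for a filesystem path to a PHP binary: absolute,
# portable filename characters only. Backticks, $(), ;, quotes and any
# whitespace (tab included) fall outside it, so they are rejected, not stripped.
_PHP_PATH_RE = re.compile(r"/[A-Za-z0-9._/+-]{1,255}")


def vulnerable_command(php_path: str) -> str:
    """The unsafe pattern: the raw value is interpolated into a shell line.
    A value such as "/usr/bin/php\t`id`" makes the shell also run `id`."""
    return f"{php_path} artisan queue:work"


def validate_php_path(value: str) -> bool:
    """True only for a plain absolute path with no parent-directory segments."""
    if _PHP_PATH_RE.fullmatch(value) is None:
        return False
    return ".." not in value.split("/")


def hardened_command(php_path: str) -> list:
    """Argument vector for subprocess.run(argv) with shell=False (the default).
    Each element is exactly one argument and no shell parses the path, so
    metacharacters cannot change what is executed. Raises on rejected input."""
    if not validate_php_path(php_path):
        raise ValueError(f"php path rejected: {php_path!r}")
    return [php_path, "artisan", "queue:work"]


def quoted_shell_command(php_path: str) -> str:
    """Fallback when a shell string cannot be avoided: quote every word.
    shlex.join wraps a value containing a tab or backtick in single quotes,
    so the shell sees one literal (non-existent) program name instead of a
    command substitution. Validation first is still the preferred control."""
    return shlex.join([php_path, "artisan", "queue:work"])


if __name__ == "__main__":
    injected = "/usr/bin/php\t`id`"  # constructed attacker-controlled value
    print("unsafe :", vulnerable_command(injected))
    print("valid? :", validate_php_path(injected), validate_php_path("/usr/local/bin/php8.2"))
    print("argv   :", hardened_command("/usr/local/bin/php8.2"))
    print("quoted :", quoted_shell_command(injected))
```

Rejecting rather than stripping is deliberate: a strip-list has to enumerate every metacharacter of every shell the value might reach, whereas an allowlist only has to describe what a legitimate interpreter path looks like.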
VulnCheck KEV
added 2025/04/29 12:00 a.m.

VulnCheck KEV: CVE-2021-41714

In Tipask 3.5.9, path parameters entered by the user are not validated when downloading attachments, so a registered user can download arbitrary files from the Tipask server, such as .env, /etc/passwd and laravel.log, causing information leakage...

CVSS 7.7, AI score 5.9, EPSS 0.00603
Exploits: 1, References: 1
CNNVD
added 2025/04/06 12:00 a.m.

opencms path traversal vulnerability

opencms is a CMS system by the individual developer fumiao. A path traversal vulnerability exists in opencms, which stems from improper handling of the path parameter and can lead to path traversal...

CVSS 5.3, AI score 4.9, EPSS 0.00454
Exploits: 0, References: 4
Snyk
added 2025/03/20 12:32 p.m.

Directory Traversal

Overview: agentscope is AgentScope, a flexible yet robust multi-agent platform. Affected versions of this package are vulnerable to Directory Traversal through the path parameter due to improper input sanitization. An attacker can read arbitrary files on the server by manipulating the input to...

CVSS 8.7, AI score 7.6, EPSS 0.00713
Exploits: 1, References: 2
Snyk
added 2025/03/20 12:32 p.m.

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the /3/ImportFiles endpoint. An attacker can cause the server to repeatedly call its own endpoint, eventually filling up the request queue and leaving the server unable to handle other requests, by recursively...

CVSS 8.7, AI score 7.1, EPSS 0.00727
Exploits: 1, References: 2
OSV
added 2025/03/20 10:15 a.m.

CVE-2024-7768

A vulnerability in the /3/ImportFiles endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, path, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually...

CVSS 7.5, AI score 7, EPSS 0.00727
Exploits: 1, References: 1
OSV
added 2025/03/20 10:15 a.m.

CVE-2024-11603

A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the /queue/join? endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This can lead to unauthorized access to internal...

CVSS 7.5, AI score 5.8
Exploits: 0, References: 1
CNNVD
added 2025/03/20 12:00 a.m.

FastChat code issue vulnerability

FastChat is an open platform from LMSYS for training, deploying and evaluating chatbots based on large language models. A code issue vulnerability exists in FastChat version 0.2.36, which stems from insufficient validation of the path parameter and could lead to a server-side request forgery...

CVSS 7.5, AI score 7.5, EPSS 0.00646
Exploits: 1, References: 1
CNNVD
added 2025/03/20 12:00 a.m.

LLaVA code issue vulnerability

LLaVA is an application by the individual developer Haotian Liu. A code issue vulnerability exists in LLaVA version 1.2.0, which stems from insufficient validation of the path parameter and could lead to a server-side request forgery attack...

CVSS 7.5, AI score 7.6, EPSS 0.00646
Exploits: 1, References: 1
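The h2o-3, FastChat and LLaVA entries above all concern a path parameter that the server ends up fetching as a URL, either pointing back at the server itself (the self-referencing /3/ImportFiles loop) or at internal hosts (SSRF). What follows is an added example, not code from any of those projects: a guard that classifies a path value before anything is fetched, refusing non-HTTP schemes, the service's own listening port, loopback, link-local, private, reserved and unresolvable hosts. The port number 54321, the `FAKE_DNS` table and all function names are assumptions; the DNS table is constructed so the example runs offline, and `default_resolver` is what a deployment would use instead.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

SERVICE_PORTS = {54321}  # hypothetical: the port this service itself listens on

# Constructed hostname table so the example runs offline.
FAKE_DNS = {
    "localhost": ["127.0.0.1"],
    "metadata.internal": ["169.254.169.254"],
    "db.internal": ["10.0.0.5"],
    "example.com": ["93.184.216.34"],
}


def fake_resolver(host):
    return FAKE_DNS.get(host, [])


def default_resolver(host):
    """System resolver; returns every address so that any internal answer blocks."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def _ips_for(host, resolver):
    """A literal IP (v4 or v6) resolves to itself; names go through the resolver."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return list(resolver(host))


def _is_internal(ip):
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def classify_path_value(value, resolver=default_resolver):
    """Return 'file' for a plain filesystem path (to be contained separately),
    'blocked' for a URL the server must not fetch, 'url' for one that passes."""
    parts = urlsplit(value)
    if not parts.scheme:
        return "file"
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return "blocked"           # file://, gopher://, ftp://, missing host
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return "blocked"           # malformed port
    if port in SERVICE_PORTS:
        return "blocked"           # would call our own endpoint again
    ips = _ips_for(parts.hostname, resolver)
    if not ips:
        return "blocked"           # fail closed on unresolvable names
    if any(_is_internal(ipaddress.ip_address(ip)) for ip in ips):
        return "blocked"
    return "url"


if __name__ == "__main__":
    for sample in ["/data/train.csv",
                   "http://localhost:54321/3/ImportFiles?path=x",
                   "http://metadata.internal/latest/meta-data/",
                   "https://example.com/data.csv"]:
        print(classify_path_value(sample, fake_resolver), sample)
```

Two caveats a practitioner would add: the name is resolved once here and again by the HTTP client, so a DNS-rebinding attacker can pass the check and still reach an internal address unless the client is pinned to the checked IP; and any redirect the fetch follows has to be classified again with the same function.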
RedhatCVE
added 2025/03/19 12:28 a.m.

CVE-2025-25684

A lack of validation in the path parameter of /download in GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request...

CVSS 7.5, AI score 7, EPSS 0.00472
Exploits: 0, References: 1
NVD
added 2025/03/17 5:15 p.m.

CVE-2025-25684

A lack of validation in the path parameter of /download in GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request...

CVSS 7.5, EPSS 0.00472
Exploits: 0, References: 1
CNNVD
added 2025/03/17 12:00 a.m.

GL.iNet Beryl AX GL-MT3000 security vulnerability

GL.iNet Beryl AX GL-MT3000 is a portable WiFi 6 router from the Chinese vendor GL.iNet (Guanglian Zhitong). It provides network connectivity and supports 2.5G network ports and a variety of features. A security vulnerability exists in GL.iNet Beryl AX GL-MT3000 version v4.7.0, which stems from...

CVSS 7.5, AI score 6.8, EPSS 0.00472
Exploits: 0, References: 2
Cvelist
added 2025/03/17 12:00 a.m.

CVE-2025-25684

A lack of validation in the path parameter of /download in GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request...

EPSS 0.00472
Exploits: 0, References: 1
OSV
added 2025/02/21 5:15 p.m.

CVE-2025-26014

A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter...

CVSS 9.8, AI score 6.3, EPSS 0.00989
Exploits: 1, References: 3
Vulnrichment
added 2025/02/21 12:00 a.m.

CVE-2025-26014

A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter...

AI score 8, EPSS 0.00989
Exploits: 1, References: 3
CNNVD
added 2025/02/21 12:00 a.m.

Loggrove security vulnerability

Loggrove is a web platform service by the individual developer olajowon. A security vulnerability exists in Loggrove v.1.0, which originates from the execution of arbitrary code via the path parameter...

CVSS 9.8, AI score 7.4, EPSS 0.00989
Exploits: 1, References: 4
Positive Technologies
added 2025/02/21 12:00 a.m.

PT-2025-7594 · Loggrove · Loggrove

Name of the Vulnerable Software and Affected Versions: Loggrove version 1.0. Description: A Remote Code Execution (RCE) issue allows a remote attacker to execute arbitrary code via the path parameter. Recommendations: For Loggrove version 1.0, avoid using the path parameter in affected API endpoints...

CVSS 9.8, AI score 8.5, EPSS 0.00989
Exploits: 1, References: 6
Positive Technologies
added 2025/02/12 12:00 a.m.

PT-2025-6706 · Unknown · Yeqifu Carrental

Name of the Vulnerable Software and Affected Versions: yeqifu carRental version 1.0. Description: The issue allows a remote attacker to obtain sensitive information via the "file/downloadFile.action?path=" component. This is a Directory Traversal vulnerability, which can be exploited to access...

CVSS 7.5, AI score 6.4, EPSS 0.00948
Exploits: 0, References: 6
CNNVD
added 2025/02/12 12:00 a.m.

Loggrove command injection vulnerability

Loggrove is a web platform service by the individual developer olajowon. Loggrove has a command injection vulnerability: the path parameter of /read/?page=1&logfile=eee&match= is subject to operating system command injection...

CVSS 6.5, AI score 6.9, EPSS 0.0145
Exploits: 0, References: 3
RedhatCVE
added 2025/02/08 6:51 a.m.

CVE-2024-54909

A vulnerability has been identified in GoldPanKit eva-server v4.1.0. It affects the path parameter of the /api/resource/local/download endpoint, where manipulation of this parameter can lead to arbitrary file download...

CVSS 8.1, AI score 6.9, EPSS 0.00449
Exploits: 0, References: 1
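Most of the entries on this page (Tipask, opencms, agentscope, the GL.iNet /download handler, yeqifu carRental's downloadFile.action?path=, eva-server's /api/resource/local/download) are the same defect: a path parameter joined onto a download directory without checking where the result lands. What follows is an added example in Python, not code from any of those projects: the unsafe join beside a containment check that resolves the real path and requires it to stay under the base directory. The base directory `/srv/app/uploads` and the function names are assumptions for illustration.

```python
import os


def unsafe_download_path(base_dir: str, user_path: str) -> str:
    """What the affected handlers effectively do. os.path.join drops base_dir
    entirely when user_path is absolute, and "../" segments climb out of it."""
    return os.path.join(base_dir, user_path)


def safe_download_path(base_dir: str, user_path: str):
    """Return the resolved absolute path if it stays inside base_dir, else None.

    - NUL bytes are rejected: C-level open() would truncate the name there.
    - Absolute inputs are rejected outright rather than re-rooted.
    - realpath() normalises "..", "." and symlinks before the check, so a
      symlink inside the directory pointing at /etc is caught as well.
    - commonpath() is used instead of startswith(): "/srv/app/uploads_evil"
      starts with "/srv/app/uploads" but is not inside it.
    """
    if "\x00" in user_path:
        return None
    if os.path.isabs(user_path) or user_path.startswith(("/", "\\")):
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    BASE = "/srv/app/uploads"  # hypothetical download root
    # Constructed sample inputs: one legitimate, the rest traversal attempts
    # of the kinds named in the advisories above (.env, /etc/passwd, logs).
    for sample in ["reports/2024.pdf", "../../../etc/passwd", "/etc/passwd",
                   "a/../../.env", "../uploads_evil/laravel.log", ".."]:
        print(f"{sample!r:32} unsafe={unsafe_download_path(BASE, sample)!r:44} "
              f"safe={safe_download_path(BASE, sample)!r}")
```

The check assumes the framework has already URL-decoded the parameter exactly once; a value that still contains `%2e%2e%2f` after decoding is a literal filename under the base directory, not a traversal, and is correctly left contained. Rejecting absolute inputs instead of stripping the leading slash keeps the rule simple to audit: anything that starts with a separator is not a relative name and has no business in this parameter.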