WordPress plugin NextGEN Gallery 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-68145

In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...

Directory Traversal

Overview mcp-server-git is an A Model Context Protocol server providing tools to read, search, and manipulate Git repositories programmatically via LLMs Affected versions of this package are vulnerable to Directory Traversal via improper validation of the path validation in repopath argument when...

EUVD-2025-204002

mcp-server-git has missing path validation when using --repository flag...

mcp-server-git has missing path validation when using --repository flag

In mcp-server-git versions prior to 2025.12.18, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...

GHSA-J22H-9J4X-23W5 mcp-server-git has missing path validation when using --repository flag

In mcp-server-git versions prior to 2025.12.18, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...

CVE-2025-68145 mcp-server-git has missing path validation when using --repository flag

In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...

CVE-2025-68145 mcp-server-git has missing path validation when using --repository flag

In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...

CVE-2025-68145

The CVE-2025-68145 issue affects mcp-server-git when started with the --repository flag. The root cause is missing validation of repo_path in subsequent tool calls, allowing operations on repositories outside the configured path. The fix adds path validation that resolves both the configured repo...

CVE-2025-67643

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspa...

PT-2025-51938

Name of the Vulnerable Software and Affected Versions mcp-server-git versions prior to 2025.12.17 Description In mcp-server-git versions prior to 2025.12.17, the server did not validate that repo path arguments in subsequent tool calls were within the configured repository path when started with...

CVE-2025-43465

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

CVE-2025-43463

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.1. An app may be able to access sensitive user data...

Local File Inclusion (LFI)

pythonmistralclient is vulnerable to Local File Inclusion LFI. The vulnerability is due to improper validation of file paths in the 'Create Workbook' feature, which allows an attacker to include and read arbitrary local files from the system...

Directory Traversal

ComposioHQ is vulnerable to Directory Traversal. The vulnerability is due to improper path validation in the downloadfileordir function, which allows an attacker to manipulate file paths and access sensitive files or directories on the system...

Path Traversal

db-gpt is vulnerable to Path Traversal. The vulnerability is due to improper validation of uploaded file paths in the /v1/personal/agent/upload endpoint, which allows an attacker to write arbitrary files to sensitive locations and execute malicious code...

Directory Traversal

alexusmai laravel-file-manager is vulnerable to Directory Traversal. The vulnerability is due to improper path validation in the zip/archiving functionality, which allows an attacker to create crafted archives that include files and directories outside the intended scope...

CVE-2025-14344

The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'pluploadajaxdeletefile' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to delete arbitrar...

CVE-2025-43463

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sonoma 14.8.3, macOS Tahoe 26.1, macOS Sequoia 15.7.3. An app may be able to access sensitive user data...

CVE-2025-43465

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...