2097 matches found
CVE-2025-68476 KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential
KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...
CVE-2025-68476
CVE-2025-68476 affects KEDA . Prior to versions 2.17.3 and 2.18.3 , there is an Arbitrary File Read via insufficient path validation when loading the Service Account Token in spec.hashiCorpVault.credential.serviceAccount . An attacker with permissions to create/modify a TriggerAuthentication reso...
GHSA-C4P6-QG4M-9JMR KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential
Impact An Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The vulnerability stems from an incorrect or insufficient path validation when loading the Service Account...
keda 安全漏洞
keda is a Kubernetes scaling software open source by KEDA. A security vulnerability exists in keda versions prior to 2.17.3 and prior to 2.18.3, which stems from insufficient path validation in TriggerAuthentication and could lead to arbitrary file reads...
SUSE-SU-2025:4491-1 Security update for mariadb
This update for mariadb fixes the following issues: Update to version 10.5.29. Release notes and changelog: - https://mariadb.com/kb/en/mariadb-10-5-29-release-notes/ - https://mariadb.com/kb/en/mariadb-10-5-29-changelog/ - https://mariadb.com/kb/en/mariadb-10-5-28-release-notes/ -...
CVE-2025-67442
EVE-NG 6.4.0-13-PRO is vulnerable to Directory Traversal. The /api/export interface allows authenticated users to export lab files. This interface lacks effective input validation and filtering when processing file path parameters submitted by users...
CVE-2025-68145
In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...
WordPress plugin NextGEN Gallery 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-68145
In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...
Directory Traversal
Overview mcp-server-git is an A Model Context Protocol server providing tools to read, search, and manipulate Git repositories programmatically via LLMs Affected versions of this package are vulnerable to Directory Traversal via improper validation of the path validation in repopath argument when...
GHSA-J22H-9J4X-23W5 mcp-server-git has missing path validation when using --repository flag
In mcp-server-git versions prior to 2025.12.18, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...
EUVD-2025-204002
mcp-server-git has missing path validation when using --repository flag...
mcp-server-git has missing path validation when using --repository flag
In mcp-server-git versions prior to 2025.12.18, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...
CVE-2025-68145 mcp-server-git has missing path validation when using --repository flag
In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...
CVE-2025-68145 mcp-server-git has missing path validation when using --repository flag
In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...
CVE-2025-68145
CVE-2025-68145 affects mcp-server-git. Prior to 2025.12.17, when started with --repository to constrain to a single repo, the server did not validate that repo_path arguments in subsequent tool calls stayed within the configured path, potentially allowing operations on other repositories accessib...
CVE-2025-67643
Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspa...
PT-2025-51938
Name of the Vulnerable Software and Affected Versions mcp-server-git versions prior to 2025.12.17 Description In mcp-server-git versions prior to 2025.12.17, the server did not validate that repo path arguments in subsequent tool calls were within the configured repository path when started with...
CVE-2025-43465
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...
CVE-2025-43463
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.1. An app may be able to access sensitive user data...