Lucene search
+L

67 matches found

NVD
NVD
added 2026/07/01 7:16 p.m.8 views

CVE-2026-49119

Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess method that allows unauthenticated attackers to escape the configured root directory by supplying path segments containing directory traversal sequences or absolute paths. Attackers can provide...

8.7CVSS0.0069EPSS
Exploits0References4
CVE
CVE
added 2026/07/01 6:30 p.m.23 views

CVE-2026-49119

Gradio

8.7CVSS5.9AI score0.0069EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/07/01 6:30 p.m.36 views

CVE-2026-49119 Gradio < 6.16.0 Path Traversal via FileExplorer.preprocess()

Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess method that allows unauthenticated attackers to escape the configured root directory by supplying path segments containing directory traversal sequences or absolute paths. Attackers can provide...

8.7CVSS0.0069EPSS
Exploits0References4
OSV
OSV
added 2026/07/01 6:30 p.m.4 views

CVE-2026-49119 Gradio < 6.16.0 Path Traversal via FileExplorer.preprocess()

Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess method that allows unauthenticated attackers to escape the configured root directory by supplying path segments containing directory traversal sequences or absolute paths. Attackers can provide...

8.7CVSS6.1AI score0.0069EPSS
Exploits0References7
OSV
OSV
added 2026/05/27 3:20 p.m.4 views

CVE-2026-44483 RVF: Prototype pollution in @rvf/set-get reachable via @rvf/core preprocessFormData (HTTP form data)

RVF formerly Remix Validated Form provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking ...

8.2CVSS6.1AI score0.00271EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/27 3:20 p.m.11 views

CVE-2026-44483 RVF: Prototype pollution in @rvf/set-get reachable via @rvf/core preprocessFormData (HTTP form data)

RVF formerly Remix Validated Form provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking ...

8.2CVSS5.9AI score0.00271EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/18 7:59 p.m.11 views

CVE-2026-8756

A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generateconfig of the file webuipreprocess.py of the component Gradio Interface. Such manipulation of the argument datadir leads to path traversal. The attac...

7.5CVSS6.6AI score0.00512EPSS
Exploits0References1
CVE
CVE
added 2026/05/17 1:0 p.m.18 views

CVE-2026-8756

CVE-2026-8756 affects fishaudio Bert-VITS2 (up to commit 8f7fbd8c4770965225d258db548da27dc8dd934c) with a path traversal vulnerability in the Gradio Interface’s webui_preprocess.py, specifically in generate_config. The issue arises from manipulating the data_dir argument, enabling remote exploita...

7.5CVSS6.6AI score0.00512EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/17 1:0 p.m.8 views

CVE-2026-8756 fishaudio Bert-VITS2 Gradio webui_preprocess.py generate_config path traversal

A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generateconfig of the file webuipreprocess.py of the component Gradio Interface. Such manipulation of the argument datadir leads to path traversal. The attac...

7.5CVSS6.6AI score0.00512EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/17 1:0 p.m.13 views

EUVD-2026-30702

A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generateconfig of the file webuipreprocess.py of the component Gradio Interface. Such manipulation of the argument datadir leads to path traversal. The attac...

7.5CVSS6.6AI score0.00512EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/17 1:0 p.m.6 views

CVE-2026-8756

A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generateconfig of the file webuipreprocess.py of the component Gradio Interface. Such manipulation of the argument datadir leads to path traversal. The attac...

7.5CVSS6.6AI score0.00512EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/17 1:0 p.m.53 views

CVE-2026-8756 fishaudio Bert-VITS2 Gradio webui_preprocess.py generate_config path traversal

A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generateconfig of the file webuipreprocess.py of the component Gradio Interface. Such manipulation of the argument datadir leads to path traversal. The attac...

7.5CVSS0.00512EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.18 views

PT-2026-41567

Name of the Vulnerable Software and Affected Versions fishaudio Bert-VITS2 versions up to 8f7fbd8c4770965225d258db548da27dc8dd934c Description A path traversal issue exists in the Gradio Interface component. A remote attacker can manipulate the data dir argument within the generate config functio...

7.5CVSS7.1AI score0.00512EPSS
Exploits0References6
OSV
OSV
added 2026/05/11 4:9 p.m.6 views

GHSA-C567-44RC-M5HQ @rvf/set-get has a prototype pollution issue that's reachable via @rvf/core preprocessFormData (HTTP form data)

Summary setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking a path. Because field names in submitted form data are passed directly to setPath via preprocessFormData and through...

8.2CVSS6AI score0.00271EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/11 4:9 p.m.11 views

@rvf/set-get has a prototype pollution issue that's reachable via @rvf/core preprocessFormData (HTTP form data)

Summary setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking a path. Because field names in submitted form data are passed directly to setPath via preprocessFormData and through...

8.2CVSS6AI score0.00271EPSS
Exploits0References3Affected Software1
Packet Storm News
Packet Storm News
added 2026/01/08 12:0 a.m.10 views

CurricuLLM: Designing Personalized and Workforce-Aligned Cybersecurity Curricula Using Fine-Tuned LLMs

The cybersecurity landscape is constantly evolving, driven by increased digitalization and new cybersecurity threats. Cybersecurity programs often fail to equip graduates with skills demanded by the workforce, particularly concerning recent developments in cybersecurity, as curriculum design is...

6.8AI score
Exploits0
Veracode
Veracode
added 2026/01/02 2:6 p.m.7 views

Prototype Pollution

apidoc-core is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of malformed data structures in the preProcess functions, which allows an attacker to manipulate JavaScript object prototypes via crafted properties such as define, leading to denial of service or...

9.3CVSS6.7AI score0.00443EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/27 4:46 p.m.5 views

CVE-2025-13158

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

9.3CVSS6.9AI score0.00443EPSS
Exploits0References1
Snyk
Snyk
added 2025/12/26 6:30 p.m.7 views

Prototype Pollution

Overview apidoc-core is a Core parser library to generate apidoc result following the apidoc-spec Affected versions of this package are vulnerable to Prototype Pollution via the preProcess function in apigroup.js, apiparamtitle.js, apiuse.js, and apipermission.js. An attacker can alter object...

9.8CVSS8AI score0.00443EPSS
Exploits0References2
OSV
OSV
added 2025/12/26 6:30 p.m.2 views

GHSA-6VJ3-P34W-XXJP apidoc-core has a prototype pollution vulnerability

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

9.3CVSS6AI score0.00443EPSS
Exploits0References3
Rows per page
Query Builder