Path Traversal
YesWiki is vulnerable to path traversal. The squelette parameter is not properly validated or sanitized, allowing unauthorized file read access on the server...
CVE-2025-32375 Insecure Deserialization leads to RCE in BentoML's runner server
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized...
PT-2025-22415 · Automationdirect · Mb-Gateway
Name of the Vulnerable Software and Affected Versions: AutomationDirect MB-Gateway (affected versions not specified). Description: The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, ...
PT-2025-15775 · Unknown · Ultra Demo Importer
Name of the Vulnerable Software and Affected Versions: Ultra Demo Importer versions 1.0.5 and earlier. Description: A Cross-Site Request Forgery (CSRF) issue allows attackers to upload a web shell to a web server. This enables potential cyber threats, including server compromise. Recommendations: Fo...
xorg-x11-server security update
1.20.4-29.0.1: Fixed CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597, CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601 (Orabug: 37712847)...
About Remote Code Execution – Apache Tomcat (CVE-2025-24813) vulnerability
About Remote Code Execution - Apache Tomcat CVE-2025-24813 vulnerability. Apache Tomcat is open-source software that provides a platform for Java web applications. The vulnerability allows a remote attacker to upload and execute arbitrary files on the server due to flaws in the handling of...
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
Summary: The contents of arbitrary files can be returned to the browser. Impact: Only apps explicitly exposing the Vite dev server to the network using --host or the server.host config option are affected. Details: base64-encoded content of non-allowed files is exposed using ?inline&import originally...
CVE-2025-31577 WordPress Appointify plugin <= 1.0.8 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in appointify Appointify allows Upload a Web Shell to a Web Server. This issue affects Appointify: from n/a through <= 1.0.8...
CVE-2025-31577
CVE-2025-31577 (Appointify) Unrestricted Upload of File with Dangerous Type in Appointify, allowing an authenticated admin to upload a Web Shell to the web server. Affected software: Appointify (WordPress plugin) up to version 1.0.8. The cited CVSS data (3.1) indicates a base score of 6.6 (Medium...
CVE-2025-3022 OS Command Injection vulnerability in e-management of e-solutions
OS command injection vulnerability in e-solutions e-management. This vulnerability allows an attacker to execute arbitrary commands on the server via the 'client' parameter in the /data/apache/e-management/api/api3.php endpoint...
CVE-2025-2865
CVE-2025-2865 affects Arteche/saTECH BCU firmware 2.1.3. The issue is a reflected/stored cross-site scripting (XSS) vulnerability in the web server that could cause malicious resources to be stored and interpreted by victims when visiting the affected site. Multiple sources corroborate firmware 2...
CVE-2025-2865 Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU
SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code...
CVE-2025-28220
Tenda W6S v1.0.0.4510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause a web server crash via the parameter funcpara1 passed to the binary through a POST request...
CVE-2024-9070
A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions <=1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is triggered when the args-number parameter is...
GHSA-9G44-GWVM-HC44 BentoML deserialization vulnerability
A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions <=1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is triggered when the args-number parameter is...
H2O Vulnerable to Arbitrary File Overwrite via File Export
In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a...
CVE-2024-10986
GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.org. Despite implementing protections against path traversal, the application overlooks the Tarslip triggered by symlinks...
CVE-2024-6829
CVE-2024-6829 affects aimhubio/aim 3.19.3. The vulnerability arises in tarfile.extractall(), allowing an attacker-controlled tarfile to be extracted to arbitrary locations on the host by manipulating repo.path and run_hash. This bypasses directory existence checks and can result in arbitrary file...
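The two archive-extraction entries above (symlink Tarslip in GPT Academic, an unchecked tarfile.extractall() in aim) share one root cause: members of an attacker-supplied tar are written wherever their names and link targets say. What follows is an added example, not code from either project, showing a pre-extraction classifier that rejects '..' or absolute names, device nodes, link members whose target escapes the destination, and files written through an earlier symlink member (the Tarslip pattern, which a plain '..' check misses). The archive it inspects is constructed inline and the destination directory is a throwaway temp dir; both are assumptions for the demo.

```python
"""Defensive tar extraction: classify members before anything touches disk."""
import io
import os
import tarfile
import tempfile
from typing import List, Tuple

Rejected = List[Tuple[str, str]]  # (member name, reason)


def _escapes(dest: str, candidate: str) -> bool:
    """True if candidate (archive-relative or absolute) normalises to a path
    outside dest. Pure string normalisation: nothing on disk is consulted, so
    symlinks that already exist on the host cannot influence the answer."""
    dest_abs = os.path.abspath(dest)
    cand_abs = os.path.normpath(os.path.join(dest_abs, candidate))
    return os.path.commonpath([dest_abs, cand_abs]) != dest_abs


def classify_members(tar: tarfile.TarFile, dest: str) -> Tuple[List[tarfile.TarInfo], Rejected]:
    """Split members into (safe, rejected-with-reason), in archive order."""
    safe: List[tarfile.TarInfo] = []
    rejected: Rejected = []
    symlinks_seen = set()  # normalised names of symlink members already met
    for m in tar.getmembers():
        parts = [p for p in m.name.split("/") if p not in ("", ".")]
        norm = "/".join(parts)
        if os.path.isabs(m.name) or ".." in parts:
            rejected.append((m.name, "path traversal in member name"))
            continue
        if m.isdev():
            rejected.append((m.name, "device node"))
            continue
        # Tarslip: a file whose path runs through an earlier symlink member is
        # written wherever that link points, even though its own name is clean.
        if any("/".join(parts[:i]) in symlinks_seen for i in range(1, len(parts))):
            rejected.append((m.name, "write through symlink member"))
            continue
        if m.issym() or m.islnk():
            if m.issym():
                symlinks_seen.add(norm)
                # symlink targets resolve relative to the link's own directory
                target = os.path.join(os.path.dirname(norm), m.linkname)
            else:
                target = m.linkname  # hardlink targets are archive-relative
            if os.path.isabs(m.linkname) or _escapes(dest, target):
                rejected.append((m.name, "link target escapes destination"))
                continue
        safe.append(m)
    return safe, rejected


def safe_extract(tar_bytes: bytes, dest: str) -> Tuple[List[str], Rejected]:
    """Extract only accepted members; returns (extracted names, rejected)."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
        safe, rejected = classify_members(tar, dest)
        # Belt and braces: on Python 3.12+ (or backports) also apply the stdlib
        # 'data' filter, which independently refuses traversal and bad links.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(path=dest, members=safe, **kwargs)
    return [m.name for m in safe], rejected


def build_demo_tar() -> bytes:
    """Constructed sample archive (not taken from any advisory): one benign
    file, one '..' entry, one symlink to an absolute path, and a file written
    through that symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        def add_file(name: str, data: bytes) -> None:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        add_file("model/README.txt", b"benign\n")
        add_file("../outside.txt", b"classic traversal\n")
        link = tarfile.TarInfo("model/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc"
        tar.addfile(link)
        add_file("model/link/payload", b"lands in /etc on a naive extractall\n")
    return buf.getvalue()


def demo() -> Tuple[List[str], Rejected]:
    """Run the classifier over the constructed archive in a temp directory."""
    dest = tempfile.mkdtemp(prefix="safe-extract-")  # assumed throwaway dest
    return safe_extract(build_demo_tar(), dest)


if __name__ == "__main__":
    extracted, rejected = demo()
    print("extracted:", extracted)
    for name, reason in rejected:
        print(f"rejected {name!r}: {reason}")
```

The classifier is deliberately conservative: any write through a symlink member is refused even when the link itself stays inside the destination, since chains of links are where these checks historically went wrong.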
CVE-2024-8982 Local File Inclusion in bentoml/openllm
A Local File Inclusion (LFI) vulnerability in OpenLLM version 0.6.10 allows attackers to include files from the local server through the web application. This flaw could expose internal server files and potentially sensitive information such as configuration files, passwords, and other critical dat...
CVE-2024-10906 Cross-Site Request Forgery (CSRF) in eosphoros-ai/db-gpt
In version 0.6.0 of eosphoros-ai/db-gpt, the uvicorn app created by dbgptserver uses an overly permissive instance of CORSMiddleware which sets the Access-Control-Allow-Origin to * for all requests. This configuration makes all endpoints exposed by the server vulnerable to Cross-Site Request Forger...
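The db-gpt entry above is a configuration fault whose safe form is short but easy to get wrong: the Access-Control-Allow-Origin value must come from an exact allow-list of canonical origins, never '*' and never a reflected or suffix-matched Origin. The added example below is not db-gpt's or Starlette's code; it models the decision a CORS layer makes, with the weak wildcard policy beside a hardened allow-list and a few constructed probe origins (app.example and attacker.test are assumptions). Browsers refuse to attach credentials to a response carrying '*', so the wildcard alone mainly exposes unauthenticated endpoints; reflecting the request Origin together with allow_credentials is what turns the same mistake into authenticated cross-origin reads, which is why the policy refuses that combination outright.

```python
"""Model of a CORS origin allow-list: weak wildcard setting beside the fix."""
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlsplit


def _is_canonical_origin(origin: str) -> bool:
    """scheme://host[:port] with no path, query or fragment, as browsers send
    in the Origin header; anything else cannot be compared by exact match."""
    parts = urlsplit(origin)
    return (parts.scheme in ("http", "https") and bool(parts.hostname)
            and parts.path == "" and not parts.query and not parts.fragment)


@dataclass(frozen=True)
class CORSPolicy:
    allow_origins: List[str]
    allow_credentials: bool = False

    def __post_init__(self) -> None:
        # Wildcard plus credentials is never acceptable; a middleware that
        # "fixes" it by reflecting the Origin is strictly worse than '*'.
        if "*" in self.allow_origins and self.allow_credentials:
            raise ValueError("'*' with allow_credentials is not allowed")
        bad = [o for o in self.allow_origins if o != "*" and not _is_canonical_origin(o)]
        if bad:
            raise ValueError(f"non-canonical origins in allow list: {bad}")

    def allow_origin_header(self, request_origin: Optional[str]) -> Optional[str]:
        """Value to emit for Access-Control-Allow-Origin, or None to omit it."""
        if request_origin is None:
            return None  # same-origin or non-browser client: no CORS needed
        if "*" in self.allow_origins:
            return "*"   # the weak setting: every origin may read the response
        if request_origin in self.allow_origins:  # exact match only, no regex,
            return request_origin                  # no startswith/endswith
        return None


# Constructed policies: the weak shape from the advisory, and a hardened one.
WEAK = CORSPolicy(allow_origins=["*"])
HARDENED = CORSPolicy(allow_origins=["https://app.example"], allow_credentials=True)

# Constructed probe origins (assumed names): the legitimate front end, a
# scheme downgrade, a suffix-match trick, an attacker site, and "null".
PROBE_ORIGINS = [
    "https://app.example",
    "http://app.example",
    "https://app.example.attacker.test",
    "https://attacker.test",
    "null",
]


def evaluate(policy: CORSPolicy) -> Dict[str, Optional[str]]:
    """Header each probe origin would receive under the given policy."""
    return {o: policy.allow_origin_header(o) for o in PROBE_ORIGINS}


def wildcard_with_credentials_rejected() -> bool:
    """True if constructing the worst-case policy fails as intended."""
    try:
        CORSPolicy(allow_origins=["*"], allow_credentials=True)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for label, policy in (("weak", WEAK), ("hardened", HARDENED)):
        print(label)
        for origin, header in evaluate(policy).items():
            print(f"  Origin: {origin:36} -> {header}")
    print("wildcard+credentials rejected:", wildcard_with_credentials_rejected())
```

The two checks most often missing in real middleware are the canonical-origin validation at startup (an entry like "https://app.example/" silently never matches) and the refusal to build a policy from '*' plus credentials, rather than quietly switching to Origin reflection.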