15 matches found
CVE-2026-59149
Mockoon provides way to design and run mock APIs. Prior to 9.7.0, a FILE response whose filePath embeds request data is confined by getSafeFilePath in packages/commons-server/src/libs/server/server.ts with resolvedPath.startsWithstaticBaseDir. That prefix test has no path-separator boundary, so a...
Litestar and Starlite vulnerable to Path Traversal
SummaryLocal File Inclusion via Path Traversal in LiteStar Static File ServingA Local File Inclusion LFI vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to sensiti...
PYSEC-2026-1552 Litestar and Starlite vulnerable to Path Traversal
Summary Local File Inclusion via Path Traversal in LiteStar Static File Serving A Local File Inclusion LFI vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to...
PYSEC-2026-516 Ray Missing Authorization vulnerability
LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers response can be found here:...
EUVD-2026-39800
Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...
CVE-2026-25527
Changedetection.io versions prior to 0.53.2 are vulnerable to unauthenticated local file read via path traversal in the /static// route when group=".." is supplied, potentially exposing source files (e.g., flask_app.py). Root cause: send_from_directory("static/..", filename) can escape the app di...
Exploit for CVE-2025-54962
🔥 CVE-2025-54962 — Insecure File Upload in OpenPLC Runtime Web...
Safetytest Cloud-Master Server 安全漏洞
Safetytest Cloud-Master Server is a cloud server from Safetytest, Inc. A security vulnerability exists in Safetytest Cloud-Master Server version 1.1.1 and earlier, which originates from the file /static/ that causes path traversal...
The vulnerability of the AI application scaling framework and Python Ray, related to deficiencies in the authentication process, allows attackers to read arbitrary files from the /static/ directory.
The vulnerability of the AI application scaling framework and Python Ray is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to read arbitrary files from the /static/ directory using a specially crafted HTTP request...
GHSA-6CXR-8Q3M-JWRR Ray Missing Authorization vulnerability
LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers response can be found here:...
CVE-2023-6020
LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication...
Ray Security breach
Ray is a unified framework for scaling AI and Python applications open-sourced by ray-project. Ray has a security vulnerability that stems from a remote file inclusion LFI vulnerability in the /static/ directory. An attacker can exploit this vulnerability to read any file on the server...
PT-2023-8892
Name of the Vulnerable Software and Affected Versions Ray affected versions not specified Description The issue is related to a lack of proper authorization procedure in the Ray framework, which can be exploited by a remote attacker to read arbitrary files in the /static/ directory using a...
Unauthorized Modification
The filebrowser-safe library is vulnerable to unauthorized modification attacks. filebrowser-safe has a directory traversal issue which allows an authenticated administrative level user to rename or delete files under the static directory, above the filebrowser uploads directory. This level of...
Play! Framework <= 1.0.3.1 Directory Transversal Vulnerability
No description provided by source. Exploit Title: Play! Framework = 1.0.3.1 Directory Transversal Vulnerability Date: July 24, 2010 Author: kripthor Software Link: http://www.playframework.org/ Version: Play! Framework = 1.0.3.1 Tested on: Ubuntu 10 CVE : N/A Notes: 28/07/2010 at 14:03 - Develope...