Lucene search
+L

15 matches found

nvd
nvd
added last week6 views

CVE-2026-59149

Mockoon provides way to design and run mock APIs. Prior to 9.7.0, a FILE response whose filePath embeds request data is confined by getSafeFilePath in packages/commons-server/src/libs/server/server.ts with resolvedPath.startsWithstaticBaseDir. That prefix test has no path-separator boundary, so a...

6.5CVSS0.0033EPSS
Exploits0References5
pypa
pypa
added 2026/07/07 4:2 p.m.7 views

Litestar and Starlite vulnerable to Path Traversal

SummaryLocal File Inclusion via Path Traversal in LiteStar Static File ServingA Local File Inclusion LFI vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to sensiti...

8.2CVSS6.1AI score0.00722EPSS
Exploits0References8Affected Software1
osv
osv
added 2026/07/07 4:2 p.m.6 views

PYSEC-2026-1552 Litestar and Starlite vulnerable to Path Traversal

Summary Local File Inclusion via Path Traversal in LiteStar Static File Serving A Local File Inclusion LFI vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to...

8.2CVSS6.1AI score0.00722EPSS
Exploits0References8
osv
osv
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-516 Ray Missing Authorization vulnerability

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers response can be found here:...

9.3CVSS7AI score0.81512EPSS
Exploits22References7
euvd
euvd
added 2026/06/26 4:15 p.m.8 views

EUVD-2026-39800

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...

7.5CVSS5.8AI score0.0043EPSS
Exploits0References1
cve
cve
added 2026/02/19 2:18 p.m.25 views

CVE-2026-25527

Changedetection.io versions prior to 0.53.2 are vulnerable to unauthenticated local file read via path traversal in the /static// route when group=".." is supplied, potentially exposing source files (e.g., flask_app.py). Root cause: send_from_directory("static/..", filename) can escape the app di...

5.3CVSS5.4AI score0.00917EPSS
Exploits1References2Affected Software1
githubexploit
githubexploit
added 2025/07/29 4:16 p.m.127 views

Exploit for CVE-2025-54962

🔥 CVE-2025-54962 — Insecure File Upload in OpenPLC Runtime Web...

6.4CVSS6.3AI score0.00233EPSS
Exploits1
cnnvd
cnnvd
added 2025/02/07 12:0 a.m.5 views

Safetytest Cloud-Master Server 安全漏洞

Safetytest Cloud-Master Server is a cloud server from Safetytest, Inc. A security vulnerability exists in Safetytest Cloud-Master Server version 1.1.1 and earlier, which originates from the file /static/ that causes path traversal...

6.9CVSS5.5AI score0.0078EPSS
Exploits0References3
bdu_fstec
bdu_fstec
added 2024/04/03 12:0 a.m.11 views

The vulnerability of the AI application scaling framework and Python Ray, related to deficiencies in the authentication process, allows attackers to read arbitrary files from the /static/ directory.

The vulnerability of the AI application scaling framework and Python Ray is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to read arbitrary files from the /static/ directory using a specially crafted HTTP request...

7.8CVSS7.1AI score0.14652EPSS
Exploits3References6Affected Software1
osv
osv
added 2023/11/16 9:30 p.m.5 views

GHSA-6CXR-8Q3M-JWRR Ray Missing Authorization vulnerability

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers response can be found here:...

9.3CVSS7.1AI score0.81512EPSS
Exploits22References5
osv
osv
added 2023/11/16 9:15 p.m.4 views

CVE-2023-6020

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication...

7.5CVSS5.8AI score0.14652EPSS
Exploits3References1
cnnvd
cnnvd
added 2023/11/16 12:0 a.m.4 views

Ray Security breach

Ray is a unified framework for scaling AI and Python applications open-sourced by ray-project. Ray has a security vulnerability that stems from a remote file inclusion LFI vulnerability in the /static/ directory. An attacker can exploit this vulnerability to read any file on the server...

7.5CVSS6.8AI score0.14652EPSS
Exploits3References2
ptsecurity
ptsecurity
added 2023/08/24 12:0 a.m.6 views

PT-2023-8892

Name of the Vulnerable Software and Affected Versions Ray affected versions not specified Description The issue is related to a lack of proper authorization procedure in the Ray framework, which can be exploited by a remote attacker to read arbitrary files in the /static/ directory using a...

7.8CVSS7.6AI score0.14652EPSS
Exploits3References23
veracode
veracode
added 2018/01/17 2:11 a.m.17 views

Unauthorized Modification

The filebrowser-safe library is vulnerable to unauthorized modification attacks. filebrowser-safe has a directory traversal issue which allows an authenticated administrative level user to rename or delete files under the static directory, above the filebrowser uploads directory. This level of...

6.6AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.9 views

Play! Framework <= 1.0.3.1 Directory Transversal Vulnerability

No description provided by source. Exploit Title: Play! Framework = 1.0.3.1 Directory Transversal Vulnerability Date: July 24, 2010 Author: kripthor Software Link: http://www.playframework.org/ Version: Play! Framework = 1.0.3.1 Tested on: Ubuntu 10 CVE : N/A Notes: 28/07/2010 at 14:03 - Develope...

7.1AI score
Exploits0
Rows per page
Query Builder