19 matches found

NVD
added 2026/02/20 12:16 a.m. · 4 views

CVE-2026-26329

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, authenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool's upload action. The server passed these paths to Playwright's setInputFiles APIs...

CVSS 7.1 · EPSS 0.00018
Exploits: 0 · References: 3

Positive Technologies
added 2026/02/18 12:0 a.m. · 4 views

PT-2026-20372

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.14. Description: Authenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool's upload action. The server passes these paths ...

CVSS 7.1 · AI score 5.8 · EPSS 0.00018
Exploits: 0 · References: 11

NVD
added 2025/12/05 4:15 p.m. · 2 views

CVE-2025-65897

zdhweb is a data collection, processing, monitoring, scheduling, and management platform. In zdhweb through 5.6.17, insufficient validation of file upload paths in the application allows an authenticated user to write arbitrary files to the server file system, potentially overwriting existing files...

CVSS 8.8 · EPSS 0.003
Exploits: 0 · References: 4

Positive Technologies
added 2025/12/05 12:0 a.m. · 1 views

PT-2025-49259

Name of the Vulnerable Software and Affected Versions: zdh web versions through 5.6.17. Description: zdh web is a data collection, processing, monitoring, scheduling, and management platform. Insufficient validation of file upload paths allows an authenticated user to write arbitrary files to the...

CVSS 8.8 · AI score 7.5 · EPSS 0.003
Exploits: 0 · References: 8

OSV
added 2025/04/03 2:12 p.m. · 8 views

BIT-JOOMLA-2021-23132 [20210306] - Core - com_media allowed paths that are not intended for image uploads

An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads...

CVSS 7.5 · AI score 7.5 · EPSS 0.58603
Exploits: 2 · References: 2

Tenable Nessus
added 2025/01/10 12:0 a.m. · 8 views

Gradio < 4.19.2 Vulnerability - CVE-2024-1728

The version of Gradio installed on the remote host is prior to 4.19.2. It is, therefore, affected by a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the...

CVSS 7.5 · AI score 7.9 · EPSS 0.85087
Exploits: 2 · References: 4

CNNVD
added 2024/06/19 12:0 a.m. · 4 views

VMware Spring Cloud Data Flow Security Vulnerability

VMware Spring Cloud Data Flow is a codebase for streaming and batch processing of data in microservices from VMware, Inc. A security vulnerability exists in VMware Spring Cloud Data Flow that stems from improperly cleaned upload paths, which could allow an attacker to write arbitrary files to any...

CVSS 8.8 · AI score 7.1 · EPSS 0.77749
Exploits: 1 · References: 2

Positive Technologies
added 2024/05/28 12:0 a.m. · 2 views

PT-2024-40089 · Silverstripe · Silverstripe-Secureassets +1

Name of the Vulnerable Software and Affected Versions: silverstripe-userforms versions prior to 3.0.0; silverstripe-userforms version 3.0.0 when used with silverstripe-secureassets module. Description: The issue allows CMS administrators to create public-facing forms with file upload abilities, whi...

CVSS 4.3 · AI score 7.2
Exploits: 0 · References: 4

Github Security Blog
added 2024/04/10 6:30 p.m. · 28 views

Duplicate Advisory: Gradio Local File Inclusion vulnerability

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-m842-4qm8-7gpq. This link is maintained to preserve external references. Original Description: gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied...

CVSS 7.5 · AI score 7.7 · EPSS 0.85087
Exploits: 2 · References: 4 · Affected Software: 1

OSV
added 2024/04/10 5:15 p.m. · 24 views

CVE-2024-1728

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in t...

CVSS 7.5 · AI score 7.8
Exploits: 0 · References: 2

Cvelist
added 2024/04/10 5:7 p.m. · 15 views

CVE-2024-1728 Local File Inclusion in gradio-app/gradio

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in t...

CVSS 7.5 · AI score 7.9 · EPSS 0.85087
Exploits: 2 · References: 2

Vulnrichment
added 2024/04/10 5:7 p.m. · 17 views

CVE-2024-1728 Local File Inclusion in gradio-app/gradio

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in t...

CVSS 7.5 · AI score 7.4 · EPSS 0.85087
Exploits: 2 · References: 2

CVE
added 2024/04/10 5:7 p.m. · 97 views

CVE-2024-1728

Gradio has a local file inclusion/path traversal vulnerability in the UploadButton component (affecting Gradio prior to 4.19.2). Attackers could read arbitrary files on the host (e.g., private keys) by manipulating the file path in requests to /queue/join, with potential remote code execution ris...

CVSS 7.5 · AI score 7.3 · EPSS 0.85087
Exploits: 2 · References: 2 · Affected Software: 1

Citrix
added 2021/09/14 12:0 a.m. · 3 views

SDWAN: Virtual paths are flapping.

The virtual paths are fluctuating from GOOD to BAD/DEAD and vice versa. This can be checked under Monitoring Statistics Path Summary table. The Loss % of upload paths of DC to Branch SDWAN were showing 43 % and 8 % as shown below:...

AI score 7.1
Exploits: 0

OSV
added 2021/06/24 5:15 p.m. · 1 views

DEBIAN-CVE-2021-32708

Flysystem is an open source file storage library for PHP. The whitespace normalisation used in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the...

CVSS 8.1 · AI score 8.8 · EPSS 0.07327
Exploits: 2 · References: 1

OSV
added 2021/06/24 5:15 p.m. · 0 views

UBUNTU-CVE-2021-32708

Flysystem is an open source file storage library for PHP. The whitespace normalisation used in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the...

CVSS 9.8 · AI score 6.1 · EPSS 0.07327
Exploits: 2 · References: 6

CNNVD
added 2021/06/02 12:0 a.m. · 3 views

WordPress and Fancy Product Designer Code Issue Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. A code issue exists in the WordPress plugin Fancy Product Designer, which originates from "wp-admin" or...

CVSS 9.8 · AI score 8.5 · EPSS 0.79792
Exploits: 2 · References: 6

FreeBSD
added 2019/12/30 12:0 a.m. · 15 views

mybb -- multiple vulnerabilities

mybb Team reports: High risk: Installer RCE on settings file write; Medium risk: Arbitrary upload paths and Local File Inclusion RCE; Medium risk: XSS via insufficient HTML sanitization of Blog feed and Extend data; Low risk: Open redirect on login; Low risk: SCEditor reflected XSS...

AI score 0.8
Exploits: 0 · References: 1

Packet Storm
added 2012/01/21 12:0 a.m. · 28 views

SOOP Portal Raven 1.0 Shell Upload

In The Name Of GOD. SOOP Portal Raven 1.0 fckeditor Arbitrary File Upload Vulnerability. » Title : SOOP Portal Raven 1.0 fckeditor Arbitrary...

AI score 7.4
Exploits: 0