CVE-2025-54387
IPX is an image optimizer (UnJS) vulnerable to a path-prefix bypass in its directory-check logic. Affected versions: 1.3.1 and earlier; 2.0.0-0 to 2.1.0; 3.0.0 to 3.1.0. The vulnerability allows bypassing allowed-directory checks via raw prefix comparison, potentially enabling access to files out...