Summary
SurrealDB: Arbitrary file read via DEFINE ANALYZER mapper() filter
References
Related vulnerabilities
- HIGH GHSA-869J-R97X-HX2G
Anki's local HTTP server does not sufficiently validate requests
- MEDIUM GHSA-4XGF-CPJX-PC3J
pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size
- HIGH GHSA-F4XH-W4CJ-QXQ8
LangSmith SDK TracingMiddleware: Arbitrary server-side file read
- MEDIUM GHSA-CW6H-FFMH-X6VH
Anki: User scripts in iframes have access to the internal Anki API
- HIGH GHSA-C795-2G9C-J48M
EverOS: Path traversal in EverOS /api/v1/memory/add via unvalidated sender_id
- MEDIUM GHSA-48X2-6PR9-2JJF
Network-AI: EnvironmentManager.restore() backup ID path traversal copies arbitrary directories into environment data