Summary
motionEye has an Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint
References
Related vulnerabilities
- CRITICAL GHSA-W7MQ-R738-X278: Budibase has arbitrary file read by workspace-builder via PWA-zip symlink upload
- HIGH GHSA-V7J5-VC4M-723W: Budibase has an Account Impersonation Issue — Chat Identity Link Hijacking via Missing Consent & CSRF
- HIGH GHSA-74P7-6H78-GW8P: skillctl: argument injection, path traversal in --dest, FIFO/device DoS, hardlink exfiltration, and commit-trailer forgery
- MEDIUM GHSA-49P4-PX3H-RQ49: Build breakout using malicious Containerfile and Git Smart HTTP server or GitHub release tar archive
- MEDIUM GHSA-4MVW-J8R9-XCGC: OpenCTI May Bypass Introspection Restriction
- HIGH GHSA-869J-R97X-HX2G: Anki's local HTTP server does not sufficiently validate requests