CVE-2025-22240 – GitFS Path Traversal Vulnerability

June 13, 2025

CVE ID : CVE-2025-22240

Published : June 13, 2025, 7:15 a.m. | 2 hours, 49 minutes ago

Description : Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master’s process has permissions to.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-22241 – Apache Ansible VirtKey Directory Traversal Vulnerability

Next Article CVE-2025-22239 – Salt Master Arbitary Event Injection Vulnerability

Highlights

CVE-2025-46722 – VLLM Image Hash Collision Vulnerability

May 29, 2025

CVE ID : CVE-2025-46722

Published : May 29, 2025, 5:15 p.m. | 4 hours, 18 minutes ago

Description : vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing method. Currently, it serializes PIL.Image.Image objects using only obj.tobytes(), which returns only the raw pixel data, without including metadata such as the image’s shape (width, height, mode). As a result, two images of different sizes (e.g., 30×100 and 100×30) with the same pixel byte sequence could generate the same hash value. This may lead to hash collisions, incorrect cache hits, and even data leakage or security risks. This issue has been patched in version 0.9.0.

Severity: 4.2 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

6 registry tweaks every tech-savvy user must apply on Windows 11

Here’s why network infrastructure is vital to maximizing your company’s AI adoption

The AI video tool behind the most viral social trends right now

Got a new password manager? How to clean up the password mess you left in the cloud

Right Invoicing App for iPhone: InvoiceTemple

Right Invoicing App for iPhone: InvoiceTemple

Tunnel Run game in 170 lines of pure JS

Integrating Drupal with Salesforce SSO via SAML and Dynamic User Sync

Windows 11 24H2 tests toggle to turn off Recommended feed in the Start menu

Windows 11 24H2 tests toggle to turn off Recommended feed in the Start menu

User calls Windows 11 “pure horror,” Microsoft says it’s listening to feedback

John the Ripper is an advanced offline password cracker

CVE-2025-22240 – GitFS Path Traversal Vulnerability

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads

CVE-2025-47677 – GT3themes Photo Gallery Stored Cross-site Scripting

Meta Introduces LlamaRL: A Scalable PyTorch-Based Reinforcement Learning RL Framework for Efficient LLM Training at Scale

mortexa/laravel-arkitect

A Coding Implementation of Accelerating Active Learning Annotation with Adala and Google Gemini

CVE-2025-46722 – VLLM Image Hash Collision Vulnerability

Cast Model Properties to a Uri Instance in 12.17

Beyond the Prompt: Finding the AI Design Tool That Actually Works for Designers

CVE-2025-5577 – PHPGurukul Dairy Farm Shop Management System SQL Injection Vulnerability

CVE-2025-22240 – GitFS Path Traversal Vulnerability

Related Posts