Skip to main content

Short Video Maker

1 CVEs product

Monthly

CVE-2026-8115 npm MEDIUM POC This Month

Path traversal vulnerability in gyoridavid short-video-maker up to version 1.3.4 allows remote unauthenticated attackers to read arbitrary files on the server by manipulating the tmpFile parameter in REST API requests. The vulnerability exists in the REST API endpoint src/server/routers/rest.ts and has a publicly available proof-of-concept, though it is not currently confirmed as actively exploited in the wild. With a CVSS score of 5.3 (low/moderate), the vulnerability impacts confidentiality only, enabling information disclosure without requiring authentication or user interaction.

Path Traversal Short Video Maker
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Path traversal vulnerability in gyoridavid short-video-maker up to version 1.3.4 allows remote unauthenticated attackers to read arbitrary files on the server by manipulating the tmpFile parameter in REST API requests. The vulnerability exists in the REST API endpoint src/server/routers/rest.ts and has a publicly available proof-of-concept, though it is not currently confirmed as actively exploited in the wild. With a CVSS score of 5.3 (low/moderate), the vulnerability impacts confidentiality only, enabling information disclosure without requiring authentication or user interaction.

Path Traversal Short Video Maker
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy