CVE-2025-14896 | yuzutech kroki convert spec file access

Inserito da Angelo Barbosa | Dic 18, 2025 | CVE

A vulnerability was found in yuzutech kroki. It has been declared as problematic. The affected element is the function convert. Executing manipulation of the argument spec can lead to files or directories accessible.

This vulnerability is registered as CVE-2025-14896. It is possible to launch the attack remotely. No exploit is available.

CVE-2025-14896 | yuzutech kroki convert spec file access

Post correlati

CVE-2024-2176 | Google Chrome prior 122.0.6261.111 FedCM use after free

CVE-2025-24580 | Code for Recovery 12 Step Meeting List Plugin up to 3.16.5 on WordPress authorization

CVE-2024-20315 | Cisco IOS XR MPLS Interface access control (cisco-sa-iosxr-acl-bypass-RZU5NL3e)

CVE-2024-6451 | AI Engine Plugin up to 2.5.0 on WordPress File Extension logs_path unrestricted upload