CVE-2026-8115 | gyoridavid short-video-maker up to 1.3.4 REST API rest.ts req.params.tmpFile path traversal (Issue 73)

A vulnerability, which was classified as problematic, was found in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal.

This vulnerability is reported as CVE-2026-8115. The attack can be launched remotely. Moreover, an exploit is present.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-8115 | gyoridavid short-video-maker up to 1.3.4 REST API rest.ts req.params.tmpFile path traversal (Issue 73)

Post correlati

CVE-2024-2378 | Hitachi Energy SDM600 prior 1.3.4.572 Web-Authentication authorization

CVE-2025-5511 | quequnlong shiyi-blog up to 1.2.1 photos improper authorization

CVE-2024-5792 | Houzez CRM Plugin up to 1.4.2 on WordPress sql injection

CVE-2025-0910 | Tracker Software PDF-XChange Editor U3D File Parser out-of-bounds write