21016 matches found
K000152678: BusyBox vulnerability CVE-2025-46394
Security Advisory Description In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. CVE-2025-46394 Impact An attacker could exploit this vulnerability by creating a TAR archive containing malicious files with names...
git: Git does not sanitize URLs when asking for credentials interactively
A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed...
Directory Traversal
Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Directory Traversal via the json/upload endpoint when the filename parameter is manipulated. An attacker can write arbitrary files to any location accessibl...
GHSA-H7X8-JV97-FVVM Dagster Local File Inclusion vulnerability
Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...
Dagster Local File Inclusion vulnerability
Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...
Directory Traversal
Overview dagster is a Dagster is an orchestration platform for the development, production, and observation of data assets. Affected versions of this package are vulnerable to Directory Traversal via the getnotebookdata function in the grpc/impl.py file, which checks path validation only if the...
PYSEC-2025-102
Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...
CVE-2025-51481
Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...
CVE-2025-51481
Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...
PYSEC-2025-102
Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...
Directory Traversal
Overview onnx is an Open Neural Network Exchange Affected versions of this package are vulnerable to Directory Traversal via the saveexternaldata function. An attacker can overwrite arbitrary files by supplying crafted values to the externaldata.location parameter containing traversal sequences,...
CVE-2025-51480
Path Traversal vulnerability in onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted externaldata.location paths containing traversal sequences, bypassing intended directory restrictions...
PYSEC-2025-148
Path Traversal vulnerability in onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted externaldata.location paths containing traversal sequences, bypassing intended directory restrictions...
CVE-2025-51480
Path Traversal vulnerability in onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted externaldata.location paths containing traversal sequences, bypassing intended directory restrictions...
PYSEC-2025-148
Path Traversal vulnerability in onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted externaldata.location paths containing traversal sequences, bypassing intended directory restrictions...
AZL-65658 CVE-2025-51480 affecting package pytorch 2.2.2-12
Path Traversal vulnerability in onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted externaldata.location paths containing traversal sequences, bypassing intended directory restrictions...
AZL-65661 CVE-2025-51480 affecting package pytorch 2.0.0-14
Path Traversal vulnerability in onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted externaldata.location paths containing traversal sequences, bypassing intended directory restrictions...
CVE-2025-51480
Path Traversal vulnerability in onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted externaldata.location paths containing traversal sequences, bypassing intended directory restrictions...
UBUNTU-CVE-2025-51480
Path Traversal vulnerability in onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted externaldata.location paths containing traversal sequences, bypassing intended directory restrictions...
Directory Traversal
Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Directory Traversal via the restorerunbackup function. An attacker can overwrite critical system files or application configurations by writing arbitrary files to the...