CVE-2025-51480
Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions...
UBUNTU-CVE-2025-51480
Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions...
Directory Traversal
Overview: aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Directory Traversal via the restorerunbackup function. An attacker can overwrite critical system files or application configurations by writing arbitrary files to the...
git: Git does not sanitize URLs when asking for credentials interactively
A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed...
PT-2025-30442 · Dagster · Dagster
Name of the Vulnerable Software and Affected Versions: Dagster version 1.10.14. Description: A local file inclusion issue exists in the dagster._grpc.impl.get_notebook_data function. Attackers with access to the gRPC server can read arbitrary files by providing path traversal sequences in the...
CVE-2025-51480
CVE-2025-51480 affects ONNX 1.17.0 and reports a path traversal flaw in onnx.external_data_helper.save_external_data that lets an attacker overwrite arbitrary files through crafted external_data.location traversal sequences. Affected component is ONNX 1.17.0; root cause involves directory traversal...
CVE-2025-51481
CVE-2025-51481 affects Dagster 1.10.14 and relates to a Local File Inclusion in dagster._grpc.impl.get_notebook_data, where a path traversal sequence in the notebook_path field of ExternalNotebookData requests can cause arbitrary file reads by bypassing the extension-based check. Public sources c...
CVE-2025-51481
Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebook_path field of ExternalNotebookData requests, bypassing the intended extension-based check...
GHSA-XQPG-92FQ-GRFG `pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write
Summary: An authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload directory, allowing them to write arbitrary files to any location on the system accessible ...
`pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write
Summary: An authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload directory, allowing them to write arbitrary files to any location on the system accessible ...
Directory Traversal
Overview: org.apache.jena:jena-fuseki-webapp is Fuseki, a SPARQL 1.1 server which provides the SPARQL query, SPARQL update and SPARQL graph store protocols. Affected versions of this package are vulnerable to Directory Traversal via the Fuseki Web UI. An attacker can create files outside the...
PT-2025-30362 · Pyload · Pyload
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev90. Description: pyLoad contains an authenticated path traversal vulnerability in the /json/upload endpoint. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended...
Directory Traversal
Overview: MoneyPrinterTurbo: simply provide a topic or keyword for a video, and it will automatically generate the video copy, video materials, video subtitles, and video background music before synthesizing a high-definition short video. Affected versions of this package are vulnerable to...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal in the path.join function. An attacker can bypass the path traversal protection and access restricted files by crafting specific path inputs that leverage Windows reserved device names such as CON, PRN, and AUX. Note...
CVE-2025-34118
A path traversal vulnerability exists in Linknat VOS Manager versions prior to 2.1.9.07, including VOS2009 and early VOS3000 builds, that allows unauthenticated remote attackers to read arbitrary files on the server. The vulnerability is accessible via multiple localized subpaths such as '/eng/',...