21020 matches found
CVE-2025-6209
A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the encode_image function in generic_utils.py. This vulnerability allows an attacker to manipulate the image_path input to read arbitrary files on the server, including sensitive syste...
PYSEC-2025-65
A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the encode_image function in generic_utils.py. This vulnerability allows an attacker to manipulate the image_path input to read arbitrary files on the server, including sensitive syste...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: llama-index is an interface between LLMs and your data. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the encode_image function. An attacker can access arbitrary files on the server by supplying crafted image_path values...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: llama-index-core is an interface between LLMs and your data. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the encode_image function. An attacker can access arbitrary files on the server by supplying crafted image_path values...
CVE-2025-6209 Arbitrary File Read through Path Traversal in run-llama/llama_index
A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the encode_image function in generic_utils.py. This vulnerability allows an attacker to manipulate the image_path input to read arbitrary files on the server, including sensitive syste...
CVE-2025-6209
CVE-2025-6209: Path traversal in run-llama/llama_index affects versions 0.12.27–0.12.40, in encode_image() of generic_utils.py, allowing reading arbitrary server files via image_path input. Root cause is insufficient path validation/sanitization. Fixed in 0.12.41; remediation is upgrade to 0.12.4...
Directory Traversal
Overview: llama-index-readers-obsidian is a llama-index readers obsidian integration. Affected versions of this package are vulnerable to Directory Traversal via the ObsidianReader process. An attacker can access arbitrary files outside the intended directory by creating symbolic links that point t...
Directory Traversal
Overview: llama-index is an interface between LLMs and your data. Affected versions of this package are vulnerable to Directory Traversal via the ObsidianReader process. An attacker can access arbitrary files outside the intended directory by creating symbolic links that point to sensitive files,...
Directory Traversal
Overview: llama-index-readers-obsidian is a llama-index readers obsidian integration. Affected versions of this package are vulnerable to Directory Traversal via the load_data method in the ObsidianReader class. An attacker can access sensitive system files by exploiting hardlinks to bypass path...
Directory Traversal
Overview: llama-index is an interface between LLMs and your data. Affected versions of this package are vulnerable to Directory Traversal via the load_data method in the ObsidianReader class. An attacker can access sensitive system files by exploiting hardlinks to bypass path restrictions. Details A...
PT-2025-28163 · Unknown · Llama Index
Name of the Vulnerable Software and Affected Versions: run-llama/llama_index versions 0.12.27 through 0.12.40. Description: A path traversal vulnerability exists, specifically within the encode_image function in generic_utils.py, allowing an attacker to manipulate the image_path input to read...
README: Robust Error-Aware Digital Signature Framework Via Deep Watermarking Model
Deep learning-based watermarking has emerged as a promising solution for robust image authentication and protection. However, existing models are limited by low embedding capacity and vulnerability to bit-level errors, making them unsuitable for cryptographic applications such as digital...
A Note on Single-Cut Full-Open Protocols
Card-based cryptography is a research area that realizes cryptographic protocols such as secure computation by applying shuffles to sequences of cards that encode input values. A single-cut full-open protocol is one that obtains an output value by applying a random cut to an input sequence of...
A Novel Four-Stage Synchronized Chaotic Map: Design and Statistical Characterization
Digital implementations of chaotic systems often suffer from inherent degradation, limiting their long-term performance and statistical quality. To address this challenge, we propose a novel four-stage synchronized piecewise linear chaotic map. This new map is meticulously designed with four...
RVISmith: Fuzzing Compilers for RVV Intrinsics
Modern processors are equipped with single instruction multiple data (SIMD) instructions for fine-grained data parallelism. Compiler auto-vectorization techniques that target SIMD instructions face performance limitations due to insufficient information available at compile time, requiring...
A vulnerability in the FreeScout support service management system, caused by a failure to neutralize CRLF sequences (a carriage return followed by a line feed), allows an attacker to execute arbitrary code.
A vulnerability in the FreeScout support service management system exists due to the lack of measures to neutralize CRLF sequences (carriage return and line feed). Exploiting this vulnerability allows an attacker to execute arbitrary code by sending special characters into the...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the fileUploadHandler function in the rest.go file. An attacker can overwrite arbitrary files owned by the application user by uploading files with crafted path names, potentially modifying application behavior o...