21021 matches found
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the fileUploadHandler function in the rest.go file. An attacker can overwrite arbitrary files owned by the application user by uploading files with crafted path names, potentially modifying application behavior o...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.298 Vulnerability Details CVEID:CVE-2025-27817 DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache...
Exploit for Path Traversal in Rarlab Winrar
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerab...
Directory Traversal
Overview microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Directory Traversal via the /api/BackupV2/upload and /api/BackupV2/download endpoints. An attacker can access arbitrary files on the underlying filesystem by supplying...
North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign
Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics. "Unusually for macOS malware, the threat actors employ a process injection...
Output Messenger < 2.0.63 Multiple Vulnerabilities
The version of Output Messenger (formerly Srimax Output Messenger) is affected by multiple vulnerabilities, as follows: - Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access...
ROS-20250630-08
A vulnerability in setuptools, a Python library that eases creating, distributing, and installing Python packages, is related to an input validation error when processing directory traversal sequences in packageindex.py. Exploitation of the vulnerability could allow an...
Directory Traversal
Overview langchain-chatchat is a Langchain-Chatchat (formerly langchain-ChatGLM), local knowledge based LLM (like ChatGLM, Qwen and Llama) RAG and Agent app with langchain. Affected versions of this package are vulnerable to Directory Traversal via the flag argument in /v1/file. An attacker can access...
Directory Traversal
Overview langchain-chatchat is a Langchain-Chatchat (formerly langchain-ChatGLM), local knowledge based LLM (like ChatGLM, Qwen and Llama) RAG and Agent app with langchain. Affected versions of this package are vulnerable to Directory Traversal via the purpose parameter in the /v1/files endpoint. An...
Directory Traversal
Overview langchain-chatchat is a Langchain-Chatchat (formerly langchain-ChatGLM), local knowledge based LLM (like ChatGLM, Qwen and Llama) RAG and Agent app with langchain. Affected versions of this package are vulnerable to Directory Traversal via the parsefile function in the...
CVE-2025-34047
A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitation,...
Directory Traversal
Overview lightrag-hku is a LightRAG: Simple and Fast Retrieval-Augmented Generation. Affected versions of this package are vulnerable to Directory Traversal via the uploadtoinputdir function in the file api/routers/documentroutes.py. An attacker can access or modify files outside the intended...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the AddTemp function. An attacker can access or modify files outside the intended directory by supplying crafted input to the filename parameter. Details A Directory Traversal attack also known as path traversal...
Directory Traversal
Overview dbgpt (DB-GPT) is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can be assured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...
Advancing Jailbreak Strategies: a Hybrid Approach to Exploiting LLM Vulnerabilities and Bypassing Modern Defenses
The advancement of Pre-Trained Language Models (PTLMs) and Large Language Models (LLMs) has led to their widespread adoption across diverse applications. Despite their success, these models remain vulnerable to attacks that exploit their inherent weaknesses to bypass safety measures. Two primary...
curl: OS Command Injection in scripts/firefox-db2pem.sh via untrusted certificate nicknames
On AI usage: Only for grammar/formatting suggestions/POC code troubleshooting; all vulnerability discovery, POC code creation, and analysis were done manually. Hey folks, I noticed something I think is worth bringing to you-- scripts/firefox-db2pem.sh helper in the curl source uses eval certutil ...
Security Bulletin: Jinja Template Sandbox Escape via Indirect str.format Execution Prior to 3.1.5
Summary Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control...