21289 matches found
Rapid7 MDR Supports AWS GuardDuty's New Attack Sequence Alerts
Co-authored by Yaron Kaplan and Gil Shamgar. AWS GuardDuty has introduced two powerful new alerts that enhance its threat detection capabilities: "Potential Credential Compromise" and "Potential S3 Data Compromise." These alerts go beyond traditional threat detection by focusing on attack...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java and Node.js
Summary There are multiple vulnerabilities in Java and Node.js used by IBM Cloud Transformation Advisor CVE-2019-20916, CVE-2021-37714, CVE-2016-2175, CVE-2025-26791, CVE-2025-1470, CVE-2025-1471. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: pypa pip package for python could allow a...
Security Bulletin: IBM Maximo Application Suite - IoT Component uses "Apache httpd 2.4" which is vulnerable to multiple CVEs
Summary IBM Maximo Application Suite - IoT Component uses "Apache httpd 2.4" which is vulnerable to multiple CVE's and this bulletin contains information regarding the vulnerability and its fixture Vulnerability Details CVEID:CVE-2019-10082 DESCRIPTION: Apache HTTP Server could allow a remote...
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Multicloud Management version 2.3 Fix Pack 10 Vulnerability Details CVEID:CVE-2024-28176 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by a flaw during JWE Decryption operations. By sending a...
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities
Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. For more information about the vulnerability impact, refer to the table in the "Related Information" section. This Security Bulletin relates only to the direct usage of...
CVE-2024-57170
SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichiertodelete" parameter allows authenticated attackers to specify file paths containing directory traversal sequences e.g., ../. This vulnerability enables attackers to delete arbitrary files outside t...
Directory Traversal
Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Directory Traversal via the downloadfile method. An attacker can access sensitive information, including configuration files and credentials, by exploiting this...
Directory Traversal
Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Directory Traversal through the path parameter due to improper input sanitization. An attacker can read arbitrary files on the server by manipulating the input to...
Directory Traversal
Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Directory Traversal through the /delete-workflow endpoint. An attacker can delete arbitrary files from the filesystem by manipulating file paths to access...
Directory Traversal
Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Directory Traversal in the LockManager.releaselocks function. An attacker can delete arbitrary files on the filesystem by passing an absolute path to the target file ...
Directory Traversal
Overview onnx is an Open Neural Network Exchange Affected versions of this package are vulnerable to Directory Traversal via the downloadmodel function. An attacker can overwrite files in the user's directory by exploiting inadequate prevention of path traversal attacks in malicious tar files...
Open WebUI Allows Arbitrary File Write via the `/models/upload` Endpoint
In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...
Directory Traversal
Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Directory Traversal via the LocalFileManager.cleanup function, by crafting a malicious glob-pattern that is not verified to be within the directory managed by...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the endpoint for exporting models. An attacker can overwrite any file on the target server by exporting a model to any file in the server's file structure. Note: This vulnerability requires there to be a model th...
Directory Traversal
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Directory Traversal through the /models/upload endpoint. An attacker can manipulate the file.filename parameter to include directory traversal sequences, causing the resulting filepath to escape the intended...
GHSA-CRH6-PJ8C-XRHC Open WebUI Allows Arbitrary File Write via the `/models/upload` Endpoint
In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...
Directory Traversal
Overview InvokeAI is an An implementation of Stable Diffusion which provides various new features and options to aid the image generation process Affected versions of this package are vulnerable to Directory Traversal through the web API POST /api/v1/images/delete. An attacker can delete arbitrar...
Directory Traversal
Overview dbgpt is a DB-GPT is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can beassured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...
Directory Traversal
Overview dbgpt is a DB-GPT is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can beassured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...
Directory Traversal
Overview dbgpt is a DB-GPT is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can beassured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...