
21303 matches found

Snyk
added 2025/03/20 12:32 p.m. | 3 views

Directory Traversal

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Directory Traversal via the downloadfile method. An attacker can access sensitive information, including configuration files and credentials, by exploiting this...

8.8 CVSS | 7.7 AI score | 0.00922 EPSS
Exploits: 1 | References: 2

Snyk
added 2025/03/20 12:32 p.m. | 4 views

Directory Traversal

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Directory Traversal through the path parameter due to improper input sanitization. An attacker can read arbitrary files on the server by manipulating the input to...

8.7 CVSS | 7.6 AI score | 0.00713 EPSS
Exploits: 1 | References: 2

Snyk
added 2025/03/20 12:32 p.m. | 4 views

Directory Traversal

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Directory Traversal through the /delete-workflow endpoint. An attacker can delete arbitrary files from the filesystem by manipulating file paths to access...

9.1 CVSS | 7.6 AI score | 0.00953 EPSS
Exploits: 1 | References: 2

Snyk
added 2025/03/20 12:32 p.m. | 5 views

Directory Traversal

Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Directory Traversal in the LockManager.releaselocks function. An attacker can delete arbitrary files on the filesystem by passing an absolute path to the target file ...

9.1 CVSS | 7.6 AI score | 0.00849 EPSS
Exploits: 1 | References: 2

Snyk
added 2025/03/20 12:32 p.m. | 6 views

Directory Traversal

Overview onnx is an Open Neural Network Exchange. Affected versions of this package are vulnerable to Directory Traversal via the downloadmodel function. An attacker can overwrite files in the user's directory by exploiting inadequate prevention of path traversal attacks in malicious tar files...

9.1 CVSS | 7.7 AI score | 0.01357 EPSS
Exploits: 1 | References: 2

GitHub Security Blog
added 2025/03/20 12:32 p.m. | 9 views

Open WebUI Allows Arbitrary File Write via the `/models/upload` Endpoint

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...

7.2 CVSS | 7.2 AI score | 0.02458 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Snyk
added 2025/03/20 12:32 p.m. | 4 views

Directory Traversal

Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Directory Traversal via the LocalFileManager.cleanup function, by crafting a malicious glob-pattern that is not verified to be within the directory managed by...

8.7 CVSS | 7.6 AI score | 0.00953 EPSS
Exploits: 1 | References: 2

Snyk
added 2025/03/20 12:32 p.m. | 7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the endpoint for exporting models. An attacker can overwrite any file on the target server by exporting a model to any file in the server's file structure. Note: This vulnerability requires there to be a model th...

7.1 CVSS | 7.7 AI score | 0.00693 EPSS
Exploits: 1 | References: 2

Snyk
added 2025/03/20 12:32 p.m. | 5 views

Directory Traversal

Overview open-webui is an Open WebUI. Affected versions of this package are vulnerable to Directory Traversal through the /models/upload endpoint. An attacker can manipulate the file.filename parameter to include directory traversal sequences, causing the resulting filepath to escape the intended...

7.2 CVSS | 7.3 AI score | 0.02458 EPSS
Exploits: 1 | References: 2

OSV
added 2025/03/20 12:32 p.m. | 4 views

GHSA-CRH6-PJ8C-XRHC Open WebUI Allows Arbitrary File Write via the `/models/upload` Endpoint

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...

6.5 CVSS | 7.5 AI score | 0.02458 EPSS
Exploits: 1 | References: 3

Snyk
added 2025/03/20 12:32 p.m. | 6 views

Directory Traversal

Overview InvokeAI is an implementation of Stable Diffusion which provides various new features and options to aid the image generation process. Affected versions of this package are vulnerable to Directory Traversal through the web API POST /api/v1/images/delete. An attacker can delete arbitrar...

9.1 CVSS | 7.6 AI score | 0.01348 EPSS
Exploits: 0 | References: 2

Snyk
added 2025/03/20 12:32 p.m. | 5 views

Directory Traversal

Overview dbgpt (DB-GPT) is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can be assured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...

9.1 CVSS | 7.6 AI score | 0.00769 EPSS
Exploits: 1 | References: 2

Snyk
added 2025/03/20 12:32 p.m. | 3 views

Directory Traversal

Overview dbgpt (DB-GPT) is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can be assured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...

9.1 CVSS | 7.7 AI score | 0.00769 EPSS
Exploits: 1 | References: 2

Snyk
added 2025/03/20 12:32 p.m. | 4 views

Directory Traversal

Overview dbgpt (DB-GPT) is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can be assured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...

8.8 CVSS | 7.6 AI score | 0.0067 EPSS
Exploits: 1 | References: 2

Snyk
added 2025/03/20 10:49 a.m. | 3 views

Relative Path Traversal

Overview lollms is a python library for AI personality definition Affected versions of this package are vulnerable to Relative Path Traversal in the sanitizepath function, which does not account for ./ sequences in pathnames. An attacker can bypass the sanitization to access the contents of...

5.1 CVSS | 6.8 AI score | 0.00353 EPSS
Exploits: 2 | References: 2

Snyk
added 2025/03/20 10:47 a.m. | 2 views

Directory Traversal

Overview openllm is an OpenLLM: Self-hosting LLMs Made Easy. Affected versions of this package are vulnerable to Directory Traversal due to unprotected path formation in local.py, which allows local file inclusion. An attacker can access files on the server. PoC...

6.9 CVSS | 7.4 AI score | 0.00748 EPSS
Exploits: 0 | References: 2

Snyk
added 2025/03/20 10:46 a.m. | 2 views

Directory Traversal

Overview polyaxon is a Command Line Interface CLI and client to interact with Polyaxon API. Affected versions of this package are vulnerable to Directory Traversal via the runs endpoint. An attacker can read arbitrary files from the target filesystem by providing a directory traversal path. PoC...

8.7 CVSS | 7.7 AI score | 0.04245 EPSS
Exploits: 0 | References: 2

Snyk
added 2025/03/20 10:46 a.m. | 1 view

Directory Traversal

Overview lollms is a python library for AI personality definition Affected versions of this package are vulnerable to Directory Traversal over the wipedatabase endpoint. An attacker can delete any directory on the target filesystem by sending a specially crafted HTTP request that manipulates the...

7.1 CVSS | 7.6 AI score | 0.00294 EPSS
Exploits: 0 | References: 2

NVD
added 2025/03/20 10:15 a.m. | 5 views

CVE-2024-7034

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...

7.2 CVSS | 0.02458 EPSS
Exploits: 1 | References: 1

OSV
added 2025/03/20 10:15 a.m. | 5 views

CVE-2024-7034

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...

7.2 CVSS | 7 AI score
Exploits: 0 | References: 1