2030 matches found

Vulnrichment
added 2025/12/29 7:10 a.m. | 1 view

CVE-2025-15227 WELLTEND TECHNOLOGY| BPMFlowWebkit - Arbitrary File Read

BPMFlowWebkit developed by WELLTEND TECHNOLOGY has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

CVSS: 8.7 | AI score: 6.9 | EPSS: 0.00106
Exploits: 0 | References: 2

EUVD
added 2025/12/29 7:10 a.m. | 3 views

EUVD-2025-205564

BPMFlowWebkit developed by WELLTEND TECHNOLOGY has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

CVSS: 8.7 | AI score: 6.8 | EPSS: 0.00106
Exploits: 0 | References: 3

Cvelist
added 2025/12/29 7:10 a.m. | 20 views

CVE-2025-15227 WELLTEND TECHNOLOGY| BPMFlowWebkit - Arbitrary File Read

BPMFlowWebkit developed by WELLTEND TECHNOLOGY has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

CVSS: 8.7 | EPSS: 0.00106
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/29 12:0 a.m. | 3 views

PT-2025-53703

Name of the Vulnerable Software and Affected Versions: BPMFlowWebkit (affected versions not specified). Description: BPMFlowWebkit developed by WELLTEND TECHNOLOGY has an issue that allows unauthenticated remote attackers to download arbitrary system files by exploiting Absolute Path Traversal. The...

CVSS: 8.7 | AI score: 6.8 | EPSS: 0.00106
Exploits: 0 | References: 6

CVE
added 2025/12/26 12:0 a.m. | 14 views

CVE-2025-57403

Cola Dnslog v1.3.2 is affected by a Directory Traversal vulnerability in the DNS TXT query handling. The root cause is the application concatenating the requested URL (or a portion) with a base path via os.path.join, allowing directory traversal or absolute path injection and potentially exposing...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.00122
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2025/12/26 12:0 a.m. | 1 view

EUVD-2025-205449

Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL or a portion of it directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to th...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.00122
Exploits: 1 | References: 3

Vulnrichment
added 2025/12/26 12:0 a.m. | 2 views

CVE-2025-57403

Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL or a portion of it directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to th...

AI score: 6.4 | EPSS: 0.00122
Exploits: 1 | References: 2

RedhatCVE
added 2025/12/19 9:14 p.m. | 3 views

CVE-2025-14848

Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files...

CVSS: 5.3 | AI score: 7 | EPSS: 0.00054
Exploits: 0 | References: 1

CVE
added 2025/12/18 8:34 p.m. | 7 views

CVE-2025-14848

Advantech WebAccess/SCADA is affected by an absolute directory traversal vulnerability that may allow an attacker to determine the existence of arbitrary files. Affected product: Advantech WebAccess/SCADA. Root cause: absolute path traversal leading to potential information disclosure. Impact: al...

CVSS: 5.3 | AI score: 6.6 | EPSS: 0.00054
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/12/18 8:34 p.m. | 1 view

CVE-2025-14848 Advantech WebAccess/SCADA Absolute Path Traversal

Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files...

CVSS: 5.3 | AI score: 6.6 | EPSS: 0.00054
Exploits: 0 | References: 3

CNNVD
added 2025/12/18 12:0 a.m. | 1 view

Advantech WebAccess/SCADA security vulnerability

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. Advantech WebAccess/SCADA suffers from a...

CVSS: 5.3 | AI score: 6 | EPSS: 0.00054
Exploits: 0 | References: 3

NVD
added 2025/12/17 8:15 p.m. | 3 views

CVE-2025-34442

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...

CVSS: 7.5 | EPSS: 0.40796
Exploits: 2 | References: 4

RedhatCVE
added 2025/12/17 8:7 a.m. | 3 views

CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

CVSS: 7.2 | AI score: 7.1 | EPSS: 0.00213
Exploits: 0 | References: 1

CVE
added 2025/12/12 12:0 a.m. | 6 views

CVE-2025-67818

Weaviate OSS before 1.33.4 is affected by CVE-2025-67818. An attacker with data-insertion access can craft an entry name with an absolute path (e.g., /etc/…) or use ../ traversal to escape the backup restore root, potentially creating or overwriting files in arbitrary locations within the app’s p...

CVSS: 7.2 | AI score: 6.8 | EPSS: 0.00213
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2025/12/12 12:0 a.m. | 3 views

Weaviate security vulnerability

Weaviate is an open source vector database from Weaviate Open Source. A security vulnerability exists in Weaviate versions prior to 1.33.4, which originates from an attacker who can escape the root directory during backup restoration using absolute path or directory traversal, potentially resulti...

CVSS: 7.2 | AI score: 6.6 | EPSS: 0.00213
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/12 12:0 a.m. | 1 view

CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

AI score: 6.8 | EPSS: 0.00213
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/12 12:0 a.m. | 2 views

PT-2025-50957

Name of the Vulnerable Software and Affected Versions: Weaviate OSS versions prior to 1.33.4. Description: An attacker who can insert data into the database can create an entry name containing an absolute path (for example, /etc/...) or utilize parent directory traversal (../../..) to bypass the restore...

CVSS: 7.2 | AI score: 6.5 | EPSS: 0.00213
Exploits: 0 | References: 7

Cvelist
added 2025/12/12 12:0 a.m. | 23 views

CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

EPSS: 0.00213
Exploits: 0 | References: 2

Cvelist
added 2025/12/10 3:44 p.m. | 27 views

CVE-2025-34392 Barracuda RMM < 2025.1.1 Service Center Absolute Path Traversal RCE

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload...

CVSS: 10 | EPSS: 0.01271
Exploits: 1 | References: 4

Huntr
added 2025/12/09 7:18 p.m. | 7 views

Arbitrary File Read via Absolute Path Input in nltk.util.filestring() enabling Local & Remote File Disclosure

This report is not public...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.00088
Exploits: 1