CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2024-48248 CVSS...

DB-GPT 安全漏洞

DB-GPT is an AWEL and agent-based AI native data application development framework open-sourced by eosphoros. A security vulnerability exists in DB-GPT version 0.6.0, which stems from an absolute path traversal vulnerability in the file upload endpoint, which allows an attacker to upload any file...

DB-GPT 安全漏洞

DB-GPT is an AWEL and agent-based AI native data application development framework open-sourced by eosphoros. A security vulnerability exists in DB-GPT version 0.6.0, which stems from an arbitrary file write vulnerability in the RAG-knowledge endpoint, which allows an attacker to write a file to ...

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-1316link is external Edimax IC-7100 IP Camera OS Command Injection Vulnerability CVE-2024-48248link is external NAKIVO Backup and Replication Absolute Path...

NAKIVO Backup and Replication Absolute Path Traversal Vulnerability

NAKIVO Backup and Replication contains an absolute path traversal vulnerability that enables an attacker to read arbitrary files...

VulnCheck KEV: CVE-2024-48248

NAKIVO Backup and Replication contains an absolute path traversal vulnerability that enables an attacker to read arbitrary files...

OPENSUSE-SU-2025:0090-1 Security update for ark

This update for ark fixes the following issues: - CVE-2024-57966: Disable extraction to absolute path from an archive boo1236737...

CVE-2025-2239 Absolute Path Disclosure Vulnerability in Hillstone Next Generation FireWall

Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23...

CVE-2025-2239 Absolute Path Disclosure Vulnerability in Hillstone Next Generation FireWall

Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23...

Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

Ivanti Endpoint Manager EPM contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information...

VulnCheck KEV: CVE-2024-13161

Ivanti Endpoint Manager EPM contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information...

CVE-2025-25162

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in kutu62 Sports Rankings and Lists sports-rankings-lists allows Absolute Path Traversal.This issue affects Sports Rankings and Lists: from n/a through = 1.0.2...

CVE-2024-48248

NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials...

Linux Distros Unpatched Vulnerability : CVE-2015-2304

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an...

CVE-2024-48248

CVE-2024-48248 affects NAKIVO Backup & Replication prior to 11.0.0.88174. The vulnerability is an absolute path traversal via getImageByPath to /c/router, leading to unauthenticated arbitrary file read with potential remote code execution across the enterprise when cleartext credentials are expos...

CVE-2025-25162

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in kutu62 Sports Rankings and Lists sports-rankings-lists allows Absolute Path Traversal.This issue affects Sports Rankings and Lists: from n/a through = 1.0.2...

Linux Distros Unpatched Vulnerability : CVE-2010-2322

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Absolute path traversal vulnerability in the extractjar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via...

WordPress plugin Sports Rankings and Lists 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

CVE-2024-6097

In Progress® Telerik® Reporting versions prior to 2025 Q1 19.0.25.211, information disclosure is possible by a local threat actor through an absolute path vulnerability...

OESA-2025-1133 ark security update

Ark is a program for managing various archive formats. Archives can be viewed, extracted, created and modified from within Ark. The program can handle various formats such as tar, gzip, bzip2, zip, rar and lha if appropriate command-line programs are installed. Security Fixes: libarchiveplugin.cp...