256 matches found
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Proof of concept exploit for CVE-2025-55182...
Evolving Spring Vault: Introducing VaultClient
Back in September 2016, nearly a decade ago now, we introduced Spring Vault as a integration layer for HashiCorp Vault within Spring applications, complemented by Spring Cloud Vault for Spring Boot arrangements. The core idea has always been straightforward: Externalizing secrets to encrypted Vau...
CVE-2025-68478
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's fspath, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction,...
PYSEC-2025-125
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's fspath, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction,...
CVE-2025-13641
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.59.12 via the 'template' shortcode parameter. This is due to insufficient path validation that allows absolute paths to be provided...
CVE-2025-34442 AVideo < 20.1 System Path Disclosure via Public API
AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...
CVE-2025-34442 AVideo < 20.1 System Path Disclosure via Public API
AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...
EUVD-2025-203094
Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip...
CVE-2025-67818
An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the Backup ZipSlip. An attacker can create or overwrite files in arbitrary locations within the application's privilege scope by inserting data entries with absolute paths or parent directory traversal sequences...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the Backup ZipSlip. An attacker can create or overwrite files in arbitrary locations within the application's privilege scope by inserting data entries with absolute paths or parent directory traversal sequences...
CVE-2025-67818
An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...
CVE-2025-36357
IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system...
Qualys Cloud Agent 安全漏洞
Qualys Cloud Agent is a lightweight application from Qualys, Inc. A single agent for real-time, global visibility and response. A security vulnerability exists in Qualys Cloud Agent that stems from not using absolute paths and not cleaning up the $PATH environment variable, which could lead to...
EUVD-2004-0813
Malware in sbrugna...
EUVD-2022-6481
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2013-1831
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive informatio...
GHSA-9GH8-9R95-3FC3 MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction
Summary The vulnerability allows any user to overwrite any files available under the account privileges of the running process. Details As part of static analysis, iOS MobSF supports loading and parsing statically linked libraries .a. When parsing such archives, the code extracts the embedded...
NamelessMC 信息泄露漏洞
NamelessMC is a free, easy to use and powerful website software from the NamelessMC team. For your Minecraft server, which contains tons of features. An information disclosure vulnerability exists in NamelessMC versions prior to 2.2.4, which stems from the disclosure of sensitive information and...
Linux Distros Unpatched Vulnerability : CVE-2021-32804
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The npm package tar aka node-tar before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient...