CVE-2024-6854 Arbitrary File Overwrite in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a...

CVE-2024-6854 Arbitrary File Overwrite in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a...

CVE-2024-10831 Arbitrary File Write through Absolute Path Traversal in eosphoros-ai/db-gpt

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

CVE-2024-8019

Lightning AI PyTorch Lightning 2.3.2 exposes a vulnerable LightningApp on Windows via /api/v1/upload_file/. An attacker can write/overwrite arbitrary files by crafting a filename, potentially enabling remote code execution (RCE) and compromising integrity and availability (CVSS 3.1/3.0: 9.1). Aff...

H2O Vulnerable to Arbitrary File Overwrite

In h2oai/h2o-3 version 3.46.0, the /99/Models/name/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for...

PT-2025-12204 · Pypi · Pytorch-Lightning

Name of the Vulnerable Software and Affected Versions: lightning-ai/pytorch-lightning version 2.3.2 Description: A vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/upload file/ endpoint, allowing an attacker to write or overwrite...

DB-GPT 安全漏洞

DB-GPT is an AWEL and agent-based AI native data application development framework open-sourced by eosphoros. A security vulnerability exists in DB-GPT version 0.6.0, which stems from an absolute path traversal vulnerability in the file upload endpoint, which allows an attacker to upload any file...

Danswer 安全漏洞

Danswer is Danswer AI open source an artificial intelligence assistant that connects to company documents, applications and people. Danswer suffers from a security vulnerability that stems from an arbitrary file overwrite that could lead to file system tampering...

SuperAGI 路径遍历漏洞

SuperAGI is an open source infrastructure application from SuperAGI Open Source. It is used to build components, tools, frameworks and models to implement open source AGI. A path traversal vulnerability exists in SuperAGI version 0.0.14, which stems from path traversal in the file upload...

H2O Vulnerable to Arbitrary File Overwrite via File Export

In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a...

CVE-2025-29787

zip is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the zip crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used for later files in the...

UBUNTU-CVE-2025-29787

zip is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the zip crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used for later files in the...

CVE-2025-29787 zip Vulnerable to Incorrect Path Canonicalization During Archive Extraction, Leading to Arbitrary File Write

zip is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the zip crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used for later files in the...

zip 安全漏洞

zip is a zip implementation in Rust open-sourced by zip-rs. A security vulnerability exists in zip versions prior to 1.3.0 through 2.3.0, which stems from an unvalidated symbolic link that could lead to arbitrary file overwriting...

CVE-2025-1785 Download Manager <= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File Overwrite

The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdmnewfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originall...

CVE-2025-1785 Download Manager <= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File Overwrite

The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdmnewfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originall...

WordPress Download Manager plugin <= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File Overwrite vulnerability

Authenticated Author+ Path Traversal to Limited File Overwrite vulnerability discovered by zhuxuan wu in WordPress Plugin Download Manager versions = 3.3.08...

ROS-20250307-01

A vulnerability in the readline.sh component of the socket forwarding utility from the host machine is related to the use of a predictable temporary file name in readline.sh. the use of a predictable temporary file name in readline.sh. Exploitation of the vulnerability could allow an attacker...

Linux Distros Unpatched Vulnerability : CVE-2024-54132

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The GitHub CLI is GitHub's official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in...

Linux Distros Unpatched Vulnerability : CVE-2024-5187

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the downloadmodelwithtestdata function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate...