CVE-2024-9311

A Cross-Site Request Forgery CSRF vulnerability in haotian-liu/llava v1.2.0 LLaVA-1.6 allows an attacker to upload files with malicious content without authentication or user interaction. The uploaded file is stored in a predictable path, enabling the attacker to execute arbitrary JavaScript code...

CVE-2024-7034

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...

CVE-2024-10948 Arbitrary File Read via Upload Function in binary-husky/gpt_academic

A vulnerability in the upload function of binary-husky/gptacademic allows any user to read arbitrary files on the system, including sensitive files such as config.py. This issue affects the latest version of the product. An attacker can exploit this vulnerability by intercepting the websocket...

CVE-2024-10948 Arbitrary File Read via Upload Function in binary-husky/gpt_academic

A vulnerability in the upload function of binary-husky/gptacademic allows any user to read arbitrary files on the system, including sensitive files such as config.py. This issue affects the latest version of the product. An attacker can exploit this vulnerability by intercepting the websocket...

CVE-2024-7957 Arbitrary File Overwrite in danswer-ai/danswer

An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the loadcredentials method, where user-controlled input for realmname and zuliprccontent is used to construct file paths and write file content...

CVE-2024-7957 Arbitrary File Overwrite in danswer-ai/danswer

An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the loadcredentials method, where user-controlled input for realmname and zuliprccontent is used to construct file paths and write file content...

CVE-2024-8616 Arbitrary File Overwrite in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0, the /99/Models/name/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for...

CVE-2024-8616 Arbitrary File Overwrite in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0, the /99/Models/name/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for...

CVE-2024-8616

CVE-2024-8616 affects h2oai/h2o-3 v3.46.0. The flaw resides in the /99/Models/{name}/json handler where user-controllable exportModelDetails uses the mexport.dir parameter to choose the file path, enabling arbitrary file overwrite on the host. This is due to inadequate validation in the underlyin...

CVE-2024-11170

CVE-2024-11170 affects danny-avila/librechat (git 81f2936). The root cause is improper sanitization of file paths by the multer middleware, enabling path traversal that can cause arbitrary file write and potentially remote code execution. A fix exists in version 0.7.6. Public PoC details are prov...

Flowise allows arbitrary file write to RCE

Summary An attacker could write files with arbitrary content to the filesystem via the /api/v1/document-store/loader/process API. An attacker can reach RCERemote Code Execution via file writing. Details All file writing functions in packages/components/src/storageUtils.ts are vulnerable. -...

CVE-2025-24996

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...

BIT-DJANGO-2024-39330

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generatefilename without replicating the file-path validations from the parent class, potentially allow directory traversal via certain...

WordPress plugin CS Framework 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

CVE-2024-13780

CVE-2024-13780 refers to the Hero Mega Menu - Responsive WordPress Menu Plugin (

CVE-2024-13780 Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Directory Deletion

The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the hmenudeletemenu function in all versions up to, and including, 1.16.5. This makes it possible for unauthenticated attackers to delete...

Linux Distros Unpatched Vulnerability : CVE-2023-45283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a...

ASB-A-341680936

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User...

PT-2025-7807 · Unknown · Benner Modernanet

Name of the Vulnerable Software and Affected Versions: Benner ModernaNet versions prior to 1.2.1 Description: A problematic issue has been found, affecting an unknown function of the file /DadosPessoais/SG Gravar. The manipulation of the idItAg argument leads to cross-site request forgery. This...

CVE-2025-1586

A vulnerability was found in code-projects Blood Bank System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /Blood/A-.php. The manipulation of the argument Bloodname leads to cross site scripting. The attack can be initiated remotely. The exploit has...