779 matches found
HCL Traveler 安全漏洞
HCL Traveler is a software from HCL India. It is used to provide automatic, bi-directional, wireless synchronization between HCL Domino servers and wireless handheld devices. A security vulnerability exists in HCL Traveler that originates from a Windows application accidentally disclosing interna...
PT-2025-14810 · Hcl · Hcl Traveler
Name of the Vulnerable Software and Affected Versions: HCL Traveler affected versions not specified Description: The issue concerns an internal path disclosure in a Windows application. When the application inadvertently reveals internal file paths, this can occur through error messages, debug...
Apple macOS 安全漏洞
Apple macOS is a suite of specialized operating systems from the U.S.-based Apple Inc. developed specifically for Mac computers. A security vulnerability exists in Apple macOS that stems from a permissions issue that could cause an application to check for the existence of arbitrary paths on the...
CVE-2025-2328
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dndremoveuploadedfiles' function in all versions up to, and including, 1.3.8.7. This makes it possible for unauthenticated...
CVE-2024-7033
In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the downloadmodel endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...
DB-GPT Path Traversal vulnerability
A Path Traversal vulnerability exists in the eosphoros-ai/db-gpt version 0.6.0 at the API endpoint /v1/resource/file/delete. This vulnerability allows an attacker to delete any file on the server by manipulating the filekey parameter. The filekey parameter is not properly sanitized, enabling an...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere in the ImagePromptTemplate in image.py, which can be instantiated with input variables...
CVE-2024-7957
The CVE-2024-7957 entry describes an arbitrary file overwrite vulnerability in the ZulipConnector of danswer-ai/danswer. The root cause is in load_credentials where user-controlled input for realm_name and zuliprc_content is used to construct file paths and write contents, enabling overwriting or...
CVE-2024-11170 Path Traversal in danny-avila/librechat
A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of file paths by the multer middleware. This can lead to arbitrary file write and potentially remote code execution. The issue is fixed in version 0.7.6...
The vulnerability of the PAN-OS operating system, related to incorrect external management of file names or file paths, allows attackers to delete any files they desire.
The vulnerability of the PAN-OS operating system is related to incorrect external management of file names or file paths. Exploiting this vulnerability allows a malicious actor to delete arbitrary files under the user “nobody”...
Path Traversal
org.noear:solon-web-staticfiles is vulnerable to Path Traversal. The vulnerability is due to improper validation of user-supplied file paths in StaticMappings.java, allowing an attacker to access arbitrary files using "../filedir"...
CVE-2025-25284
The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS Web Processing Service implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the GdalTranslate service, whe...
CVE-2022-41158
Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code...
Pioneer DMH-WT7600NEX 安全漏洞
The Pioneer DMH-WT7600NEX is a multimedia digital media receiver from Pioneer. A security vulnerability exists in the Pioneer DMH-WT7600NEX that stems from a lack of proper authentication before using a user-supplied path in a file operation. An attacker can exploit the vulnerability to execute...
UBUNTU-CVE-2025-0781
An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level...
Apache Solr Relative Path Traversal vulnerability
Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...
Local File Inclusion (LFI)
Ray is vulnerable to Local File Inclusion LFI. The vulnerability is due to improper validation and access control in Ray's /static/ directory, which allows attackers to specify and access arbitrary file paths without authentication...
The vulnerability of the Palo Alto Networks Expedition configuration migration tool, related to incorrect external management of file names or file paths, allows a perpetrator to delete any files they desire.
The vulnerability of the Palo Alto Networks Expedition configuration migration tool is related to incorrect external management of file names or file paths. Exploiting this vulnerability allows a malicious actor to delete arbitrary files remotely...
CVE-2025-23042 Gradio Blocked Path ACL Bypass Vulnerability
Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List ACL for file paths can be bypassed by altering the letter case of a blocked file or directory path. This...
U.S. Dept Of Defense: ASP.NET Application Trace Enabled
The ASP.NET application trace feature was enabled on a public-facing URL, which exposed sensitive internal information, including Session ID values and the physical file paths of server-side resources. This vulnerability could have allowed attackers to gain unauthorized insights into the server...