Lucene search

779 matches found

CNNVD
added 2025/04/03 12:00 a.m. · 16 views

HCL Traveler security vulnerability

HCL Traveler is a software from HCL India. It is used to provide automatic, bi-directional, wireless synchronization between HCL Domino servers and wireless handheld devices. A security vulnerability exists in HCL Traveler that originates from a Windows application accidentally disclosing interna...

4.3 CVSS · 6.7 AI score · 0.00256 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/03 12:00 a.m. · 4 views

PT-2025-14810 · Hcl · Hcl Traveler

Name of the Vulnerable Software and Affected Versions: HCL Traveler (affected versions not specified). Description: The issue concerns an internal path disclosure in a Windows application. When the application inadvertently reveals internal file paths, this can occur through error messages, debug...

4.3 CVSS · 6.8 AI score · 0.00256 EPSS
Exploits: 0 · References: 6

CNNVD
added 2025/03/31 12:00 a.m. · 3 views

Apple macOS security vulnerability

Apple macOS is a suite of specialized operating systems from the U.S.-based Apple Inc. developed specifically for Mac computers. A security vulnerability exists in Apple macOS that stems from a permissions issue that could cause an application to check for the existence of arbitrary paths on the...

9.8 CVSS · 6.2 AI score · 0.00791 EPSS
Exploits: 0 · References: 2

RedhatCVE
added 2025/03/30 7:21 a.m. · 24 views

CVE-2025-2328

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dndremoveuploadedfiles' function in all versions up to, and including, 1.3.8.7. This makes it possible for unauthenticated...

8.8 CVSS · 8.3 AI score · 0.01002 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/03/22 1:21 p.m. · 8 views

CVE-2024-7033

In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the downloadmodel endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...

7.2 CVSS · 8.7 AI score · 0.01125 EPSS
Exploits: 1 · References: 1

Github Security Blog
added 2025/03/20 12:32 p.m. · 10 views

DB-GPT Path Traversal vulnerability

A Path Traversal vulnerability exists in the eosphoros-ai/db-gpt version 0.6.0 at the API endpoint /v1/resource/file/delete. This vulnerability allows an attacker to delete any file on the server by manipulating the filekey parameter. The filekey parameter is not properly sanitized, enabling an...

8.2 CVSS · 6.7 AI score · 0.0067 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Snyk
added 2025/03/20 10:52 a.m. · 1 view

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview: langchain-core is a package for building applications with LLMs through composability. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere in the ImagePromptTemplate in image.py, which can be instantiated with input variables...

8.7 CVSS · 6.7 AI score · 0.00366 EPSS
Exploits: 0 · References: 2

CVE
added 2025/03/20 10:10 a.m. · 44 views

CVE-2024-7957

The CVE-2024-7957 entry describes an arbitrary file overwrite vulnerability in the ZulipConnector of danswer-ai/danswer. The root cause is in load_credentials where user-controlled input for realm_name and zuliprc_content is used to construct file paths and write contents, enabling overwriting or...

9.1 CVSS · 9.2 AI score · 0.00879 EPSS
Exploits: 0 · References: 1

Cvelist
added 2025/03/20 10:08 a.m. · 8 views

CVE-2024-11170 Path Traversal in danny-avila/librechat

A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of file paths by the multer middleware. This can lead to arbitrary file write and potentially remote code execution. The issue is fixed in version 0.7.6...

8.8 CVSS · 0.01622 EPSS
Exploits: 1 · References: 2

BDU FSTEC
added 2025/03/13 12:00 a.m. · 4 views

A vulnerability in the PAN-OS operating system, related to incorrect external management of file names or file paths, allows attackers to delete arbitrary files.

The vulnerability of the PAN-OS operating system is related to incorrect external management of file names or file paths. Exploiting this vulnerability allows a malicious actor to delete arbitrary files under the user “nobody”...

5.3 CVSS · 6.5 AI score · 0.00582 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Veracode
added 2025/03/03 8:54 a.m. · 5 views

Path Traversal

org.noear:solon-web-staticfiles is vulnerable to Path Traversal. The vulnerability is due to improper validation of user-supplied file paths in StaticMappings.java, allowing an attacker to access arbitrary files using "../filedir"...

5.3 CVSS · 6.7 AI score · 0.00526 EPSS
Exploits: 0 · References: 9 · Affected Software: 1

RedhatCVE
added 2025/02/20 7:20 p.m. · 4 views

CVE-2025-25284

The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS (Web Processing Service) implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the GdalTranslate service, whe...

8.7 CVSS · 6.7 AI score · 0.00584 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 11:43 p.m. · 7 views

CVE-2022-41158

Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code...

9.8 CVSS · 7.6 AI score · 0.01837 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/01/31 12:00 a.m. · 5 views

Pioneer DMH-WT7600NEX security vulnerability

The Pioneer DMH-WT7600NEX is a multimedia digital media receiver from Pioneer. A security vulnerability exists in the Pioneer DMH-WT7600NEX that stems from a lack of proper authentication before using a user-supplied path in a file operation. An attacker can exploit the vulnerability to execute...

7.3 CVSS · 9 AI score · 0.00469 EPSS
Exploits: 0 · References: 2

OSV
added 2025/01/28 5:15 p.m. · 3 views

UBUNTU-CVE-2025-0781

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level...

9.9 CVSS · 5.8 AI score · 0.00342 EPSS
Exploits: 0 · References: 3

Github Security Blog
added 2025/01/27 9:30 a.m. · 20 views

Apache Solr Relative Path Traversal vulnerability

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...

5.4 CVSS · 7 AI score · 0.43312 EPSS
Exploits: 0 · References: 6 · Affected Software: 1

Veracode
added 2025/01/23 2:14 a.m. · 10 views

Local File Inclusion (LFI)

Ray is vulnerable to Local File Inclusion (LFI). The vulnerability is due to improper validation and access control in Ray's /static/ directory, which allows attackers to specify and access arbitrary file paths without authentication...

9.8 CVSS · 6.8 AI score · 0.81512 EPSS
Exploits: 22 · References: 5 · Affected Software: 1

BDU FSTEC
added 2025/01/16 12:00 a.m. · 20 views

A vulnerability in the Palo Alto Networks Expedition configuration migration tool, related to incorrect external management of file names or file paths, allows an attacker to delete arbitrary files.

The vulnerability of the Palo Alto Networks Expedition configuration migration tool is related to incorrect external management of file names or file paths. Exploiting this vulnerability allows a malicious actor to delete arbitrary files remotely...

5.3 CVSS · 8.1 AI score · 0.12955 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2025/01/14 6:49 p.m. · 3 views

CVE-2025-23042 Gradio Blocked Path ACL Bypass Vulnerability

Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This...

8.7 CVSS · 6.4 AI score · 0.00836 EPSS
Exploits: 1 · References: 3

Hacker One
added 2025/01/09 7:55 a.m. · 6 views

U.S. Dept Of Defense: ASP.NET Application Trace Enabled

The ASP.NET application trace feature was enabled on a public-facing URL, which exposed sensitive internal information, including Session ID values and the physical file paths of server-side resources. This vulnerability could have allowed attackers to gain unauthorized insights into the server...

6.7 AI score
Exploits: 0