779 matches found
Devika Security Breach
Stition Devika is an advanced AI software engineer at Stition USA that understands advanced human commands, breaks them down into steps, researches the relevant information, and writes code to achieve a given goal. Devika has a security vulnerability that stems from allowing external control over...
Path Traversal
lollms is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse beyond the intended directory and read any file on the Windows system...
LoLLMS Path Traversal vulnerability
A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 9.5.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse...
CVE-2024-1873 Path Traversal and Denial of Service in parisneo/lollms-webui
parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed /selectdatabase endpoint in version a9d16b0. The endpoint improperly handles file paths, allowing attackers to specify absolute paths when interacting with the DiscussionsDB instance. This flaw...
CVE-2024-4881 Path Traversal in parisneo/lollms
A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse...
CVE-2024-4881
CVE-2024-4881 is a path traversal vulnerability in the parisneo/lollms application. Multiple connected documents confirm the issue affects version 9.4.0 and potentially earlier builds, arising from inadequate sanitization of file paths containing backslashes across Windows/Linux contexts, enablin...
CVE-2024-2914
A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this vulnerability could lead to...
CVE-2024-2362
The CVE-2024-2362 entry concerns parisneo/lollms-webui versión 9.3 on Windows, with a path traversal vulnerability in the del_preset endpoint due to inadequate input sanitization. The issue permits an attacker to delete files outside the intended directory by supplying absolute or traversal path...
CVE-2024-2914
The CVE-2024-2914 TarSlip flaw affects the deepjavalibrary/djl project, with vulnerable version 0.26.0 and fixed in 0.27.0. Root cause: improper validation of tar entry file paths during extraction (as seen in files_util.py/extract_imagenet.py). Impact potential includes remote code execution, pr...
Exploit for CVE-2024-4956
CVE-2024-4956 This repository contains a Python utility for a...
BIT-NODE-2024-21890
The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/.pub will ignore pub and give access to everything after .ssh/. This misleading documentation affects all users...
RHEL 4 : wpa_supplicant (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - NetworkManager, wpasupplicant: Improper x509v3 certificate and key file paths sanitization CVE-2012-1096 Note that...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware
Check Point Security Gateway RCE Exploit Tool CVE-2024-249...
Path Traversal
org.openapitools, openapi-generator-online is vulnerable to a Path Traversal. The vulnerability is due to unrestricted access to the outputFolder option, which allows attackers to manipulate file paths and potentially read or delete files and folders outside of the intended directory...
PT-2024-25515 · Logpoint · Logpoint
Name of the Vulnerable Software and Affected Versions: Logpoint versions prior to 7.4.0 Description: An issue was discovered that allows Local File Inclusion LFI when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming...
Moderate: squashfs-tools security update
SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems. Security Fixes: squashfs-tools: unvalidated filepaths allow writing outside of destination CVE-2021-40153 squashfs-tools: possible Directory Traversal via...
GHSA-VX97-8Q8Q-QGQ5 Mattermost's detailed error messages reveal the full file path
Mattermost versions 9.6.x = 9.6.0, 9.5.x = 9.5.2, 9.4.x = 9.4.4 and 8.1.x = 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored...
langchain vulnerable to path traversal
langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory 'Path Traversal' in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to...
CVE-2024-1961
CVE-2024-1961 affects the open-source project vertaai/modeldb. The vulnerability is a path traversal flaw caused by improper sanitization of user-supplied file paths in the file upload flow, specifically in the NFSController.java and NFSService.java components. Attackers can manipulate the artifa...
Local File Inclusion (LFI)
gradio is vulnerable to a Local File Inclusion. This vulnerability is due to improper validation of user-supplied input in the UploadButton component, specifically in the handling of file paths during file uploads to the /queue/join endpoint, which allows attackers to read arbitrary files on the...