11286 matches found
Adobe ColdFusion 代码问题漏洞
Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a server-side request forgery vulnerability, the vulnerability stems from the serv...
RUCKUS Virtual SmartZone (vSZ) and RUCKUS Network Director (RND) contain multiple vulnerabilities
Overview Multiple vulnerabilities have been identified in RUCKUS Networks management products, specifically Virtual SmartZone vSZ and Network Director RND, including authentication bypass, hardcoded secrets, arbitrary file read by authenticated users, and unauthenticated remote code execution...
LlamaIndex vulnerable to Path Traversal attack through its encode_image function
A path traversal vulnerability exists in run-llama/llamaindex versions 0.11.23 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...
CVE-2025-6209
A path traversal vulnerability exists in run-llama/llamaindex versions 0.12.27 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...
PYSEC-2025-65
A path traversal vulnerability exists in run-llama/llamaindex versions 0.12.27 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...
GHSA-FMRF-6JV9-QJC7 LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class
A vulnerability in the ObsidianReader class in LlamaIndex Readers Integration: Obsidian before version 0.5.1 from the run-llama/llamaindex repository versions 0.12.23 to 0.12.28 allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths...
LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class
A vulnerability in the ObsidianReader class in LlamaIndex Readers Integration: Obsidian before version 0.5.1 from the run-llama/llamaindex repository versions 0.12.23 to 0.12.28 allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths...
CVE-2025-6209 Arbitrary File Read through Path Traversal in run-llama/llama_index
A path traversal vulnerability exists in run-llama/llamaindex versions 0.12.27 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...
CVE-2025-6209 Arbitrary File Read through Path Traversal in run-llama/llama_index
A path traversal vulnerability exists in run-llama/llamaindex versions 0.12.27 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...
CVE-2025-6209
CVE-2025-6209: Path traversal in run-llama/llama_index affects versions 0.12.27–0.12.40, in encode_image() of generic_utils.py, allowing reading arbitrary server files via image_path input. Root cause is insufficient path validation/sanitization. Fixed in 0.12.41; remediation is upgrade to 0.12.4...
CVE-2025-3046
A vulnerability in the ObsidianReader class of the run-llama/llamaindex repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the...
CVE-2025-3046
A vulnerability in the ObsidianReader class of the run-llama/llamaindex repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the...
CVE-2025-3046 Path Traversal via Symbolic Links in run-llama/llama_index
A vulnerability in the ObsidianReader class of the run-llama/llamaindex repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the...
CVE-2025-3046 Path Traversal via Symbolic Links in run-llama/llama_index
A vulnerability in the ObsidianReader class of the run-llama/llamaindex repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the...
CVE-2025-3046
The CVE-2025-3046 entry concerns the ObsidianReader class in the run-llama/llama_index repository, affecting versions 0.12.23–0.12.28. A path traversal flaw arises from symlink handling: ObsidianReader does not resolve symlinks to real paths or enforce that resolved paths stay inside the vault, e...
FileBrowser has an unspecified vulnerability (CNVD-2025-22702)
FileBrowser is an open source web file browser . Provides a file management interface in a specified directory , can be used to upload , delete , preview , rename and edit your files . FileBrowser has a security vulnerability , the vulnerability stems from the file access permissions are not...
Arbitrary File Read Vulnerability in UFIDA-Government Financial System of UFIDA Network Technology Co.
UFIDA is a leading provider of management software, ERP software, group management software, human resource management software, customer relationship management software, small business management software, financial and administrative institution management software, automotive industry...
PT-2025-67: XML external entity leads to Local File Read and Server-side request forgery in FastReport.NET
The vulnerability was identified in FastReport .NET, versions 2024.2.20. The discovered vulnerability, due to the ability to inject and expand external entities, can be exploited by an attacker to read arbitrary local files and perform server‑side request forgery SSRF with full response retrieval...
CVE-2025-34058
Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.298 Vulnerability Details CVEID:CVE-2025-27817 DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache...