11286 matches found

CNNVD
added 2025/07/08 12:0 a.m., 3 views

Adobe ColdFusion Code Issue Vulnerability

Adobe ColdFusion is a rapid application development platform from the United States company Adobe. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a server-side request forgery vulnerability, the vulnerability stems from the serv...

6.2 CVSS, 6.6 AI score, 0.00362 EPSS
Exploits 0, References 1
CERT
added 2025/07/08 12:0 a.m., 47 views

RUCKUS Virtual SmartZone (vSZ) and RUCKUS Network Director (RND) contain multiple vulnerabilities

Overview: Multiple vulnerabilities have been identified in RUCKUS Networks management products, specifically Virtual SmartZone (vSZ) and Network Director (RND), including authentication bypass, hardcoded secrets, arbitrary file read by authenticated users, and unauthenticated remote code execution...

9.9 CVSS, 10 AI score, 0.02096 EPSS
Exploits 0
Github Security Blog
added 2025/07/07 3:30 p.m., 8 views

LlamaIndex vulnerable to Path Traversal attack through its encode_image function

A path traversal vulnerability exists in run-llama/llama_index versions 0.11.23 through 0.12.40, specifically within the encode_image function in generic_utils.py. This vulnerability allows an attacker to manipulate the image_path input to read arbitrary files on the server, including sensitive syste...

7.5 CVSS, 7.3 AI score, 0.00545 EPSS
Exploits 1, References 5, Affected Software 1
NVD
added 2025/07/07 1:15 p.m., 8 views

CVE-2025-6209

A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the encode_image function in generic_utils.py. This vulnerability allows an attacker to manipulate the image_path input to read arbitrary files on the server, including sensitive syste...

7.5 CVSS, 0.00545 EPSS
Exploits 1, References 2
PyPA
added 2025/07/07 1:15 p.m., 10 views

PYSEC-2025-65

A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the encode_image function in generic_utils.py. This vulnerability allows an attacker to manipulate the image_path input to read arbitrary files on the server, including sensitive syste...

7.5 CVSS, 6.8 AI score, 0.00545 EPSS
Exploits 1, References 2, Affected Software 1
OSV
added 2025/07/07 12:30 p.m., 3 views

GHSA-FMRF-6JV9-QJC7 LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class

A vulnerability in the ObsidianReader class in LlamaIndex Readers Integration: Obsidian before version 0.5.1 from the run-llama/llama_index repository versions 0.12.23 to 0.12.28 allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths...

7.5 CVSS, 7.4 AI score, 0.00555 EPSS
Exploits 1, References 6
Github Security Blog
added 2025/07/07 12:30 p.m., 11 views

LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class

A vulnerability in the ObsidianReader class in LlamaIndex Readers Integration: Obsidian before version 0.5.1 from the run-llama/llama_index repository versions 0.12.23 to 0.12.28 allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths...

7.5 CVSS, 7.4 AI score, 0.00555 EPSS
Exploits 1, References 6, Affected Software 1
Vulnrichment
added 2025/07/07 12:21 p.m., 2 views

CVE-2025-6209 Arbitrary File Read through Path Traversal in run-llama/llama_index

A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the encode_image function in generic_utils.py. This vulnerability allows an attacker to manipulate the image_path input to read arbitrary files on the server, including sensitive syste...

7.5 CVSS, 6.9 AI score, 0.00545 EPSS
Exploits 1, References 2
Cvelist
added 2025/07/07 12:21 p.m., 8 views

CVE-2025-6209 Arbitrary File Read through Path Traversal in run-llama/llama_index

A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the encode_image function in generic_utils.py. This vulnerability allows an attacker to manipulate the image_path input to read arbitrary files on the server, including sensitive syste...

7.5 CVSS, 0.00545 EPSS
Exploits 1, References 2
CVE
added 2025/07/07 12:21 p.m., 34 views

CVE-2025-6209

CVE-2025-6209: Path traversal in run-llama/llama_index affects versions 0.12.27–0.12.40, in encode_image() of generic_utils.py, allowing reading arbitrary server files via image_path input. Root cause is insufficient path validation/sanitization. Fixed in 0.12.41; remediation is upgrade to 0.12.4...

7.5 CVSS, 7.4 AI score, 0.00545 EPSS
Exploits 1, References 2, Affected Software 1
NVD
added 2025/07/07 10:15 a.m., 6 views

CVE-2025-3046

A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the...

7.5 CVSS, 0.00555 EPSS
Exploits 1, References 2
OSV
added 2025/07/07 10:15 a.m., 4 views

CVE-2025-3046

A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the...

7.5 CVSS, 7.4 AI score
Exploits 0, References 2
Vulnrichment
added 2025/07/07 9:54 a.m., 3 views

CVE-2025-3046 Path Traversal via Symbolic Links in run-llama/llama_index

A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the...

7.5 CVSS, 7 AI score, 0.00555 EPSS
Exploits 1, References 2
Cvelist
added 2025/07/07 9:54 a.m., 24 views

CVE-2025-3046 Path Traversal via Symbolic Links in run-llama/llama_index

A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the...

7.5 CVSS, 0.00555 EPSS
Exploits 1, References 2
CVE
added 2025/07/07 9:54 a.m., 21 views

CVE-2025-3046

The CVE-2025-3046 entry concerns the ObsidianReader class in the run-llama/llama_index repository, affecting versions 0.12.23–0.12.28. A path traversal flaw arises from symlink handling: ObsidianReader does not resolve symlinks to real paths or enforce that resolved paths stay inside the vault, e...

7.5 CVSS, 7.5 AI score, 0.00555 EPSS
Exploits 1, References 2, Affected Software 1
CNVD
added 2025/07/04 12:0 a.m., 2 views

FileBrowser has an unspecified vulnerability (CNVD-2025-22702)

FileBrowser is an open source web file browser. It provides a file management interface in a specified directory and can be used to upload, delete, preview, rename and edit your files. FileBrowser has a security vulnerability, the vulnerability stems from the file access permissions are not...

5.5 CVSS, 6.9 AI score, 0.0019 EPSS
Exploits 1, References 1
CNVD
added 2025/07/04 12:0 a.m., 1 views

Arbitrary File Read Vulnerability in UFIDA-Government Financial System of UFIDA Network Technology Co.

UFIDA is a leading provider of management software, ERP software, group management software, human resource management software, customer relationship management software, small business management software, financial and administrative institution management software, automotive industry...

6.9 AI score
Exploits 0
Positive Technologies
added 2025/07/04 12:0 a.m., 7 views

PT-2025-67: XML external entity leads to Local File Read and Server-side request forgery in FastReport.NET

The vulnerability was identified in FastReport .NET, versions 2024.2.20. The discovered vulnerability, due to the ability to inject and expand external entities, can be exploited by an attacker to read arbitrary local files and perform server-side request forgery (SSRF) with full response retrieval...

9.2 CVSS, 5.9 AI score
Exploits 0, References 1
RedhatCVE
added 2025/07/03 3:23 p.m., 9 views

CVE-2025-34058

Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php...

8.7 CVSS, 7.3 AI score, 0.00852 EPSS
Exploits 0, References 1
IBM Security Bulletins
added 2025/07/03 10:30 a.m., 17 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary: Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.298. Vulnerability Details: CVEID: CVE-2025-27817. DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache...

7.8 CVSS, 8 AI score, 0.62368 EPSS
Exploits 3, Affected Software 1