
173 matches found

Positive Technologies
added 2025/08/19 12:00 a.m. · 6 views

PT-2025-33841

Name of the Vulnerable Software and Affected Versions: AllSky version 2023.05.01 04 Description: A path traversal flaw exists in AllSky version 2023.05.01 04 that allows an unauthenticated attacker to create a webshell and achieve remote code execution. The issue is located in the /includes/save...

CVSS 9.8 · AI score 7.4 · EPSS 0.01117
Exploits 0 · References 9
Snyk
added 2025/06/29 9:30 a.m. · 4 views

Directory Traversal

Overview langchain-chatchat is a Langchain-Chatchat formerly langchain-ChatGLM, local knowledge based LLM like ChatGLM, Qwen and Llama RAG and Agent app with langchain Affected versions of this package are vulnerable to Directory Traversal via the flag argument in /v1/file. An attacker can access...

CVSS 8.8 · AI score 7.4 · EPSS 0.00552
Exploits 1 · References 2
OSV
added 2025/06/29 9:15 a.m. · 6 views

CVE-2025-6855

A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may ...

CVSS 8.8 · AI score 6.7
Exploits 0 · References 4
VulnCheck KEV
added 2025/06/26 12:00 a.m. · 3 views

VulnCheck KEV: CVE-2025-34046

An unauthenticated file upload vulnerability exists in the Fanwei E-Office = v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly validates uploaded files when invoked with certain parameters uploadType=eofficelogo or...

CVSS 10 · AI score 6.6 · EPSS 0.00781
In wild · Exploits 0 · References 88
Veracode
added 2025/06/11 7:16 a.m. · 5 views

Path Traversal

Erxes is vulnerable to a Path Traversal. The vulnerability is due to improper validation in the /read-file endpoint handler, allowing an unauthenticated attacker to read arbitrary files from the system...

CVSS 5.4 · AI score 7.1 · EPSS 0.00366
Exploits 1 · References 3 · Affected Software 1
CNNVD
added 2025/06/10 12:00 a.m. · 2 views

erxes security vulnerability

erxes is an open source Hubspot/Qualtrics alternative to erxes open source. Enabling SaaS providers and digital marketing agencies/developers to create unique experiences for their entire business. A security vulnerability exists in erxes versions prior to 1.6.2 that stems from a path traversal...

CVSS 5.4 · AI score 6.5 · EPSS 0.00366
Exploits 1 · References 3
RedhatCVE
added 2025/05/23 8:20 a.m. · 4 views

CVE-2024-10101

A stored cross-site scripting XSS vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payloa...

CVSS 5.4 · AI score 5.1 · EPSS 0.00323
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 7:17 a.m. · 14 views

CVE-2024-8143

In the latest version 20240628 of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint...

CVSS 6.5 · AI score 4.3 · EPSS 0.00479
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 6:35 a.m. · 7 views

CVE-2024-3153

mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service DOS condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents...

CVSS 6.5 · AI score 6.3 · EPSS 0.00656
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 6:17 a.m. · 10 views

CVE-2024-3194

A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to...

CVSS 6.1 · AI score 6.2 · EPSS 0.00738
Exploits 1 · References 1
Snyk
added 2025/03/20 12:32 p.m. · 4 views

Arbitrary File Upload

Overview pytorch-lightning is a lightweight PyTorch wrapper for ML researchers. Scale your models. Write less boilerplate. Affected versions of this package are vulnerable to Arbitrary File Upload via the LightningApp when running on a Windows host at the /api/v1/uploadfile/ endpoint. An attacker...

CVSS 9.1 · AI score 8.2 · EPSS 0.01019
Exploits 1 · References 2
OSV
added 2025/03/20 10:15 a.m. · 7 views

PYSEC-2025-80

A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint /api/file does not properly sanitize the path parameter, allowing an attacker to read arbitrary files on the server...

CVSS 7.5 · AI score 5.9 · EPSS 0.00713
Exploits 1 · References 2
CNNVD
added 2025/03/20 12:00 a.m. · 3 views

AgentScope path traversal vulnerability

AgentScope is a ModelScope open source application. Build LLM-based multi-intelligence applications more simply. A path traversal vulnerability exists in AgentScope version v0.0.4, which stems from the API endpoint /api/file not properly cleaning up the path parameter, allowing an attacker to rea...

CVSS 7.5 · AI score 7.4 · EPSS 0.00713
Exploits 1 · References 1
Positive Technologies
added 2025/01/03 12:00 a.m. · 9 views

PT-2025-3764 · Unknown · Code-Projects Online Book Shop

Name of the Vulnerable Software and Affected Versions: code-projects Online Shop version 1.0 Description: A problem has been found in the code that affects the /view.php file. Manipulating the name/details argument leads to cross site scripting attacks. These attacks can be started from a remote...

CVSS 6.1 · AI score 4.3 · EPSS 0.00379
Exploits 1 · References 10
OSV
added 2024/10/29 1:15 p.m. · 35 views

PYSEC-2024-113

In the latest version 20240628 of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint...

CVSS 4.3 · AI score 6.4 · EPSS 0.00479
Exploits 1 · References 2
PyPA
added 2024/10/29 1:15 p.m. · 7 views

PYSEC-2024-113

In the latest version 20240628 of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint...

CVSS 6.5 · AI score 6.5 · EPSS 0.00479
Exploits 1 · References 3 · Affected Software 1
CVE
added 2024/10/29 12:49 p.m. · 49 views

CVE-2024-8143

The CVE-2024-8143 issue affects gaizhenbiao/chuanhuchatgpt (latest 20240628). A flaw in the /file endpoint lets an authenticated user enumerate and read other users’ chat histories by exploiting directory-creation behavior under history/. Root cause: insufficient access control around per-user hi...

CVSS 6.5 · AI score 5.1 · EPSS 0.00479
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2024/10/29 12:49 p.m. · 37 views

CVE-2024-8143 Unauthorized Access to User Chat History in gaizhenbiao/chuanhuchatgpt

In the latest version 20240628 of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint...

CVSS 6.5 · EPSS 0.00479
Exploits 1 · References 2
Positive Technologies
added 2024/10/27 12:00 a.m. · 5 views

PT-2024-16261 · Unknown · Code-Projects Blood Bank Management System

Name of the Vulnerable Software and Affected Versions: code-projects Blood Bank Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /file/delete.php. The manipulation of the bid argument leads to SQL injection. This...

CVSS 8.8 · AI score 7.2 · EPSS 0.00518
Exploits 1 · References 8
Positive Technologies
added 2024/10/24 12:00 a.m. · 5 views

PT-2024-33482 · Zimaos · Zimaos

Name of the Vulnerable Software and Affected Versions: ZimaOS versions 1.2.4 and earlier Description: The issue allows authenticated users to perform a directory traversal attack via the API endpoint http:///v2 1/file, enabling access to sensitive system directories such as /etc. This could expos...

CVSS 7.5 · AI score 6.4 · EPSS 0.00954
Exploits 1 · References 5