100 matches found
CVE-2025-69194 Wget2: arbitrary file write via metalink path traversal in gnu wget2
A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...
CVE-1999-0229
Denial of service in Windows NT IIS server using ..\...
EUVD-2018-12635
Malware in sbrugna...
EUVD-2025-29480
Malicious code in bioql PyPI...
EUVD-2021-9197
Malicious code in bioql PyPI...
EUVD-2023-2366
Malicious code in bioql PyPI...
EUVD-2021-9182
Malicious code in bioql PyPI...
EUVD-2024-31908
Malicious code in bioql PyPI...
CVE-2025-7975
Anritsu ShockLine CHX File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to exploit this vulnerability in that the target must visit...
GO-2025-3799 LF Edge eKuiper vulnerable to File Path Traversal leading to file replacement in github.com/lf-edge/ekuiper
LF Edge eKuiper vulnerable to File Path Traversal leading to file replacement in github.com/lf-edge/ekuiper...
CVE-2025-6855 chatchat-space Langchain-Chatchat file path traversal
A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may ...
CVE-2024-3318
A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file“ attribute, which in turn allowed the user to access files uploaded for other sources...
CVE-2025-24907
CVE-2025-24907 concerns Hitachi Vantara Pentaho Data Integration & Analytics. Affected versions are before 10.2.0.2, including 9.3.x and 8.3.x. The issue arises because user input used as a file path through the CGG Draw API is not properly neutralized, allowing doubled triple-dot sequences ('......
Hardlink-Based Path Traversal in ObsidianReader
Overview A vulnerability has been identified in the ObsidianReader class from llamaindex.readers.obsidian. This vulnerability allows an attacker to bypass the path restriction mechanism using hardlinks , enabling unauthorized access to sensitive system files such as /etc/passwd. Affected Componen...
GO-2025-3564 ingress-nginx controller - auth secret file path traversal vulnerability in k8s.io/ingress-nginx
ingress-nginx controller - auth secret file path traversal vulnerability in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
PT-2024-36824
Name of the Vulnerable Software and Affected Versions changedetection.io versions prior to 0.48.05 Description The issue is related to improper input validation in the application, which can allow attackers to perform local file read LFR or path traversal attacks. These attacks occur when user...
Exploit for Files or Directories Accessible to External Parties in Apache Struts
CVE-2023-50164 PoC This repository is a proof of concept PoC...
Cambium CnPilot R200/r201 File Path Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cambium cnPilot r200/r201 File Path Traversal', 'Description' = %q This module exploits a File Path Traversal vulnerability in Cambium cnPilot...
CVE-2024-39904 Code Execution Vulnerability via Local File Path Traversal in Vnote
VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...
CVE-2024-39904 Code Execution Vulnerability via Local File Path Traversal in Vnote
VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...