768 matches found
Security advisory: Improper Link Resolution Before File Access in QFileSystemEngine in the Qt corelib module on Windows impacts Qt
Improper Link Resolution Before File Access 'Link Following' vulnerability in QFileSystemEngine in the Qt corelib module on Windows potentially allows Symlink Attacks and the use of Malicious Files. This vulnerability has been discovered and assigned the CVE ID CVE-2025-4211. The issue originates...
Arbitrary File Write
Ironic is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient validation of user-supplied file paths during image deployment via the API, allowing attackers to write unintended files to the target node disk...
The vulnerability of Microsoft Visual Studio, the Microsoft .NET platform, and the Build Tools for Visual Studio toolset lies in improper external control of file names or files, allowing attackers to perform spoofing attacks.
The vulnerability of Microsoft Visual Studio, the Microsoft .NET platform, and the Build Tools for Visual Studio toolset is related to improper external name handling or file path manipulation. Exploitation of this vulnerability can allow a malicious actor to perform spear-phishing attacks by...
Directory Traversal
Overview: ironic is an OpenStack Bare Metal Provisioning package. Affected versions of this package are vulnerable to Directory Traversal via the handling of file:// image URLs during the deployment process. An attacker can write, list, view, edit, create, or delete unintended files to a target node disk b...
WordPress plugin Envolve Plugin path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
CVE-2025-32960
The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...
QiANXIN Tianqing Endpoint Security Management System security vulnerability
QiANXIN Tianqing Endpoint Security Management System is a product of QiANXIN, China. A security vulnerability exists in QiANXIN Tianqing Endpoint Security Management System version v10.0, which...
CVE-2025-0278
HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests...
PT-2025-14810 · Hcl · Hcl Traveler
Name of the Vulnerable Software and Affected Versions: HCL Traveler (affected versions not specified). Description: The issue concerns an internal path disclosure in a Windows application. When the application inadvertently reveals internal file paths, this can occur through error messages, debug...
HCL Traveler security vulnerability
HCL Traveler is a software from HCL India. It is used to provide automatic, bi-directional, wireless synchronization between HCL Domino servers and wireless handheld devices. A security vulnerability exists in HCL Traveler that originates from a Windows application accidentally disclosing interna...
Apple macOS security vulnerability
Apple macOS is a suite of specialized operating systems from the U.S.-based Apple Inc. developed specifically for Mac computers. A security vulnerability exists in Apple macOS that stems from a permissions issue that could cause an application to check for the existence of arbitrary paths on the...
CVE-2025-2328
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dndremoveuploadedfiles' function in all versions up to, and including, 1.3.8.7. This makes it possible for unauthenticated...
CVE-2024-7033
In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the downloadmodel endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...
DB-GPT Path Traversal vulnerability
A Path Traversal vulnerability exists in the eosphoros-ai/db-gpt version 0.6.0 at the API endpoint /v1/resource/file/delete. This vulnerability allows an attacker to delete any file on the server by manipulating the filekey parameter. The filekey parameter is not properly sanitized, enabling an...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview: langchain-core is a package for building applications with LLMs through composability. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere in the ImagePromptTemplate in image.py, which can be instantiated with input variables...
CVE-2024-7957
The CVE-2024-7957 entry describes an arbitrary file overwrite vulnerability in the ZulipConnector of danswer-ai/danswer. The root cause is in load_credentials where user-controlled input for realm_name and zuliprc_content is used to construct file paths and write contents, enabling overwriting or...
CVE-2024-11170 Path Traversal in danny-avila/librechat
A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of file paths by the multer middleware. This can lead to arbitrary file write and potentially remote code execution. The issue is fixed in version 0.7.6...
The vulnerability of the PAN-OS operating system, related to incorrect external management of file names or file paths, allows attackers to delete any files they desire.
The vulnerability of the PAN-OS operating system is related to incorrect external management of file names or file paths. Exploiting this vulnerability allows a malicious actor to delete arbitrary files under the user “nobody”...
Path Traversal
org.noear:solon-web-staticfiles is vulnerable to Path Traversal. The vulnerability is due to improper validation of user-supplied file paths in StaticMappings.java, allowing an attacker to access arbitrary files using "../filedir"...