769 matches found

Veracode
added 2025/03/03 8:54 a.m.

Path Traversal

org.noear:solon-web-staticfiles is vulnerable to Path Traversal. The vulnerability is due to improper validation of user-supplied file paths in StaticMappings.java, allowing an attacker to access arbitrary files using "../filedir"...

CVSS 5.3 | AI score 6.7 | EPSS 0.0009
Exploits: 0 | References: 9 | Affected software: 1
RedhatCVE
added 2025/02/20 7:20 p.m.

CVE-2025-25284

The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS Web Processing Service implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the GdalTranslate service, whe...

CVSS 8.7 | AI score 6.7 | EPSS 0.00269
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 11:43 p.m.

CVE-2022-41158

Remote code execution can be achieved because this builder program uses cookie values as paths to a file. A remote attacker could exploit the vulnerability to execute or inject malicious code...

CVSS 9.8 | AI score 7.6 | EPSS 0.05426
Exploits: 0 | References: 1
CNNVD
added 2025/01/31 12:00 a.m.

Pioneer DMH-WT7600NEX security vulnerability

The Pioneer DMH-WT7600NEX is a multimedia digital media receiver from Pioneer. A security vulnerability in the Pioneer DMH-WT7600NEX stems from a lack of proper authentication before a user-supplied path is used in a file operation. An attacker can exploit the vulnerability to execute...

CVSS 7.3 | AI score 9 | EPSS 0.00034
Exploits: 0 | References: 2
OSV
added 2025/01/28 5:15 p.m.

UBUNTU-CVE-2025-0781

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level...

CVSS 9.9 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 3
Github Security Blog
added 2025/01/27 9:30 a.m.

Apache Solr Relative Path Traversal vulnerability

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...

CVSS 5.4 | AI score 7 | EPSS 0.13709
Exploits: 0 | References: 6 | Affected software: 1
Veracode
added 2025/01/23 2:14 a.m.

Local File Inclusion (LFI)

Ray is vulnerable to Local File Inclusion (LFI). The vulnerability is due to improper validation and access control in Ray's /static/ directory, which allows attackers to specify and access arbitrary file paths without authentication...

CVSS 9.8 | AI score 6.8 | EPSS 0.92192
Exploits: 21 | References: 5 | Affected software: 1
BDU FSTEC
added 2025/01/16 12:00 a.m.

A vulnerability in the Palo Alto Networks Expedition configuration migration tool, involving improper external control of file names or file paths, allows an attacker to delete arbitrary files.

The vulnerability in the Palo Alto Networks Expedition configuration migration tool is related to improper external control of file names or file paths. Exploiting this vulnerability allows a remote malicious actor to delete arbitrary files...

CVSS 5.3 | AI score 8.1 | EPSS 0.04368
Exploits: 0 | References: 2 | Affected software: 1
OSV
added 2025/01/14 6:49 p.m.

CVE-2025-23042 Gradio Blocked Path ACL Bypass Vulnerability

Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This...

CVSS 8.7 | AI score 6.4 | EPSS 0.00135
Exploits: 1 | References: 3
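The Gradio entry above describes a blocklist that compares the raw request string against the blocked path, so a case change defeats it on a case-insensitive filesystem. The following is an added illustration, not Gradio's own code: a naive prefix check, the bypasses it misses (case, '..' segments), and a hardened check that canonicalises both sides with realpath and folds case only where the filesystem ignores it. BLOCKED, the /srv/app paths and the function names are hypothetical.

```python
"""Added example (not Gradio's code): a string-compared blocklist of file
paths, the case-change bypass described in the Gradio entry above, and a
check that canonicalises both sides. BLOCKED and the paths are hypothetical."""
import os
import tempfile

BLOCKED = ["/srv/app/secrets"]


def is_blocked_naive(path: str, blocked=BLOCKED) -> bool:
    """Vulnerable pattern: prefix comparison on the raw request string.
    On a case-insensitive filesystem '/srv/app/Secrets/key.pem' names the
    same file as the blocked entry yet does not match it; '..' segments and
    symlinks slip past the same way."""
    return any(path.startswith(b) for b in blocked)


def filesystem_is_case_insensitive(directory: str) -> bool:
    """Probe one mount point: create a file, then look it up with the case
    of its basename swapped. APFS (macOS) and NTFS (Windows) answer True by
    default; ext4 and most Linux filesystems answer False. Run the probe on
    the mount that actually holds the blocked paths."""
    with tempfile.NamedTemporaryFile(prefix="CaseProbe", dir=directory) as probe:
        swapped = os.path.join(directory, os.path.basename(probe.name).swapcase())
        return os.path.exists(swapped)


def canonical(path: str, case_insensitive: bool) -> str:
    """Resolve symlinks and '..' (realpath), then fold case only where the
    filesystem itself ignores it, so case-sensitive hosts are not over-blocked."""
    resolved = os.path.realpath(path)
    return resolved.lower() if case_insensitive else resolved


def is_blocked_hardened(path: str, blocked=BLOCKED, case_insensitive=None) -> bool:
    """Compare canonical forms and treat each blocked entry as a directory
    prefix (commonpath), not a string prefix, so '/srv/app/secretsX' stays open.
    The default probe uses the temp dir because the hypothetical /srv/app
    does not exist; a real deployment probes the data directory instead."""
    if case_insensitive is None:
        case_insensitive = filesystem_is_case_insensitive(tempfile.gettempdir())
    target = canonical(path, case_insensitive)
    for entry in blocked:
        base = canonical(entry, case_insensitive)
        if os.path.commonpath([base, target]) == base:
            return True
    return False


if __name__ == "__main__":
    for probe_path in ("/srv/app/Secrets/key.pem", "/srv/app/public/../secrets/key.pem"):
        print(probe_path, "naive:", is_blocked_naive(probe_path),
              "hardened:", is_blocked_hardened(probe_path, case_insensitive=True))
```

Passing `case_insensitive` explicitly makes the result deterministic across hosts; leaving it unset lets the probe decide, which is what a server should do once per mount at startup rather than per request.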
Hacker One
added 2025/01/09 7:55 a.m.

U.S. Dept Of Defense: ASP.NET Application Trace Enabled

The ASP.NET application trace feature was enabled on a public-facing URL, which exposed sensitive internal information, including Session ID values and the physical file paths of server-side resources. This vulnerability could have allowed attackers to gain unauthorized insights into the server...

AI score 6.7
Exploits: 0
Positive Technologies
added 2025/01/01 12:00 a.m.

PT-2025-49298

Vulnerable software and affected versions: Nextcloud Desktop versions prior to 3.16.5. Description: Nextcloud Desktop is a desktop sync client for Nextcloud. Before version 3.16.5, the file path was transmitted unencrypted when attempting to manually lock a file within an end-to-end...

CVSS 2.7 | AI score 6.4 | EPSS 0.00032
Exploits: 0 | References: 16
OSV
added 2024/12/20 7:48 p.m.

CVE-2024-56331 Local File Inclusion (LFI) via Improper URL Handling in uptime-kuma's `Real-Browser` monitor

Uptime Kuma is an open source, self-hosted monitoring tool. An Improper URL Handling Vulnerability allows an attacker to access sensitive local files on the server by exploiting the file:/// protocol. This vulnerability is triggered via the "real-browser" request type, which takes a screenshot of...

CVSS 6.8 | AI score 6.4 | EPSS 0.65749
Exploits: 0 | References: 4
Veracode
added 2024/12/18 6:59 a.m.

Directory Traversal

python-libarchive is vulnerable to Directory Traversal. The vulnerability is due to insufficient sanitization of file paths during the extraction process, which fails to properly handle or restrict the traversal of directory paths, allowing attackers to use special characters such as ../ to escape...

CVSS 8.8 | AI score 6.7 | EPSS 0.37338
Exploits: 1 | References: 5 | Affected software: 1
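Both the Apache Solr "zipslip" entry and the python-libarchive extraction entry above come down to the same defect: member names inside an archive are attacker-controlled, and the extractor joins them to the destination directory without checking where the result lands. The block below is an added example, not code from Solr, python-libarchive or any project on this page. It screens ZIP member names by computing the resolved target of each and rejecting anything outside the destination, including absolute names and the backslash or drive-letter forms that matter on Windows. The destination directory and the archive contents are constructed for the demonstration.

```python
"""Added example (not Apache Solr's or python-libarchive's code): screening
ZIP member names for ZipSlip before extraction. The archive contents and
the destination directory below are constructed for the demonstration."""
import io
import os
import re
import zipfile

# Hypothetical destination; it need not exist for the path arithmetic below.
DEST_DIR = "/var/solr/configsets/demo"


def is_within(base_dir: str, candidate: str) -> bool:
    """True when `candidate` lands inside `base_dir` after '..' segments are
    normalised. Both sides are made absolute so commonpath compares like
    with like."""
    base_abs = os.path.abspath(base_dir)
    cand_abs = os.path.abspath(candidate)
    try:
        return os.path.commonpath([base_abs, cand_abs]) == base_abs
    except ValueError:  # different drives on Windows: certainly not inside
        return False


def unsafe_member_names(archive: zipfile.ZipFile, dest_dir: str) -> list:
    """Return the member names that would escape `dest_dir` on extraction.

    Rather than pattern-matching for '..', compute where
    os.path.join(dest_dir, name) actually resolves and reject anything
    outside. Backslash-separated and drive-letter names are the Windows
    forms the Solr entry describes; they are normalised first so a POSIX
    host judges them the same way a Windows host would.
    """
    unsafe = []
    for name in archive.namelist():
        normalised = name.replace("\\", "/")
        has_drive = re.match(r"^[A-Za-z]:", normalised) is not None
        target = os.path.join(dest_dir, normalised)
        if has_drive or os.path.isabs(normalised) or not is_within(dest_dir, target):
            unsafe.append(name)
    return unsafe


def safe_extract(archive: zipfile.ZipFile, dest_dir: str) -> None:
    """Refuse the whole archive if any member would escape; all-or-nothing
    avoids leaving a half-extracted configset behind."""
    bad = unsafe_member_names(archive, dest_dir)
    if bad:
        raise ValueError("ZipSlip members rejected: %r" % bad)
    archive.extractall(dest_dir)


def build_demo_zip() -> io.BytesIO:
    """Constructed archive: one legitimate configset file, one look-alike
    that is harmless, and four entries that try to escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("conf/solrconfig.xml", "<config/>")
        zf.writestr("conf/..hidden/notes.txt", "two dots inside a name are fine")
        zf.writestr("../../evil.txt", "escapes via parent segments")
        zf.writestr("conf/../../escape.xml", "escapes after a valid prefix")
        zf.writestr("/etc/cron.d/evil", "absolute path")
        zf.writestr("C:\\Windows\\evil.dll", "drive letter plus backslashes")
    buf.seek(0)
    return buf


def demo() -> list:
    """Names the screen rejects for the constructed archive."""
    return unsafe_member_names(zipfile.ZipFile(build_demo_zip()), DEST_DIR)


if __name__ == "__main__":
    print(demo())
```

The check deliberately works on the joined and normalised path rather than on the presence of `..`: a name such as `conf/..hidden/notes.txt` is legitimate, while `conf/../../escape.xml` is not, and only the resolved location tells them apart. Newer CPython `extractall` already strips such components, but extractors that hand names to libarchive or write files themselves, as in the python-libarchive entry, do not get that for free.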
OSV
added 2024/12/16 1:55 p.m.

BIT-NODE-MIN-2024-21890

The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/. This misleading documentation affects all users...

CVSS 6.5 | AI score 6.9 | EPSS 0.01439
Exploits: 0 | References: 6
Veracode
added 2024/12/13 1:25 p.m.

File Manipulation

drupal/core is vulnerable to File Manipulation. The vulnerability is due to insufficient validation and sanitization of user-provided file paths, which can lead to unauthorized file access or manipulation...

CVSS 5.9 | AI score 6.6 | EPSS 0.01558
Exploits: 0 | References: 3 | Affected software: 1
BDU FSTEC
added 2024/12/04 12:00 a.m.

A vulnerability in the Keycloak identity and access management software, involving improper external control of a file name or path, allows an unauthorized user to gain access to protected information.

The vulnerability in the Keycloak identity and access management software is related to improper external control of a file name or path, resulting from incorrect validation of regular expressions. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthoriz...

CVSS 4 | AI score 5.5 | EPSS 0.00167
Exploits: 0 | References: 10 | Affected software: 2
Veracode
added 2024/11/20 3:35 a.m.

Improper File URI Scheme Validation

changedetection.io is vulnerable to improper file URI scheme validation. The vulnerability is due to a logic flaw in the is_safe_url function, which improperly allows the file: scheme and insufficiently restricts access to local file paths when ALLOW_FILE_URI is set to false or undefined...

CVSS 8.6 | AI score 6.4 | EPSS 0.00143
Exploits: 0 | References: 5 | Affected software: 1
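The uptime-kuma entry (file:/// handed to a headless browser) and the changedetection.io entry (a file-scheme check with a logic flaw) are both failures to allow-list the scheme of a user-supplied URL after parsing it. The block below is an added example and not code from either project; is_safe_fetch_url and allow_file_uri are hypothetical stand-ins for the is_safe_url / ALLOW_FILE_URI names in the changedetection.io entry. It sets a deny-list keyed on one spelling of "file://" beside an allow-list that parses first, and runs both over constructed probe URLs.

```python
"""Added example (not uptime-kuma's or changedetection.io's code): a
scheme allow-list for user-supplied fetch URLs. is_safe_fetch_url and
allow_file_uri are hypothetical stand-ins for the is_safe_url /
ALLOW_FILE_URI names in the changedetection.io entry."""
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_safe_url_flawed(url: str) -> bool:
    """Vulnerable pattern: a deny-list keyed on one spelling of the scheme.
    'FILE:///etc/passwd', 'file:/etc/passwd' and ' file:///etc/passwd' all
    sail past the literal prefix test, as do non-file schemes a browser
    would happily act on."""
    return not url.startswith("file://")


def is_safe_fetch_url(url: str, allow_file_uri: bool = False) -> bool:
    """Allow-list the scheme after real URL parsing.

    urlsplit lower-cases the scheme, so case tricks collapse; leading
    whitespace is stripped first because browsers tolerate it; file: is only
    permitted when the operator opted in; and http(s) must carry a host so a
    scheme-relative or empty-host URL is refused rather than resolved later.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False
    scheme = parts.scheme.lower()
    if scheme == "file":
        return allow_file_uri
    if scheme not in ALLOWED_SCHEMES:
        return False
    return bool(parts.hostname)


# Constructed probes: (url, verdict a correct checker returns with file URIs disabled)
PROBES = [
    ("https://status.example.org/health", True),
    ("file:///etc/passwd", False),
    ("FILE:///etc/passwd", False),
    ("file:/etc/passwd", False),
    ("  file:///etc/shadow", False),
    ("file://localhost/etc/passwd", False),
    ("javascript:alert(1)", False),
    ("//evil.example.net/", False),
    ("/etc/passwd", False),
]


def compare_checkers() -> dict:
    """Return the probes the flawed checker gets wrong, with the hardened
    checker's verdict alongside for comparison."""
    return {
        url: {"flawed": is_safe_url_flawed(url), "hardened": is_safe_fetch_url(url)}
        for url, expected in PROBES
        if is_safe_url_flawed(url) != expected
    }


if __name__ == "__main__":
    for url, verdicts in compare_checkers().items():
        print(repr(url), verdicts)
```

Scheme allow-listing is the part both entries lack; it does not by itself stop an http(s) URL from redirecting to a file: or loopback target once a real browser follows it, which is a separate control (disable file: in the browser profile, resolve and pin the host before fetching).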
Veracode
added 2024/11/14 8:58 a.m.

Directory Traversal

github.com/ollama/ollama is vulnerable to Directory Traversal. The vulnerability is due to path traversal in the api/push route, allowing attackers to confirm which files exist on the server...

CVSS 7.5 | AI score 6.8 | EPSS 0.62168
Exploits: 2 | References: 2 | Affected software: 1
Veracode
added 2024/11/13 5:36 a.m.

Arbitrary File Deletion

github.com/plentico/plenti is vulnerable to Arbitrary File Deletion. The vulnerability is due to insufficient input validation and lack of proper access controls on the /postLocal endpoint, allowing an attacker to manipulate file paths and trigger arbitrary file deletion when the Plenti user serv...

CVSS 8.7 | AI score 6.7 | EPSS 0.00404
Exploits: 1 | References: 5 | Affected software: 1
Redos
added 2024/10/29 12:00 a.m.

ROS-20241029-13

A vulnerability in the containers-common Go library is related to incorrect handling of certain file paths due to improper validation. Exploitation of the vulnerability could allow an attacker acting remotely to use...

CVSS 8.2 | AI score 7.1 | EPSS 0.00899
Exploits: 0