769 matches found
Path Traversal
Mage AI is vulnerable to Path Traversal. The vulnerability is due to improper handling of file paths in the "Pipeline Interaction" request, which allows an attacker to leak arbitrary files from the Mage server...
Path Traversal
Filament Excel is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the export download route '/filament-excel/path', allowing the use of ../ to navigate directories and access unauthorized files...
CVE-2024-5330
The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the breakdancecssfilepathscache parameter in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
httpd: Improper escaping of output in mod_rewrite
A flaw was found in the modrewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...
Improper Verification Of Cryptographic Signature
electron-updater is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is caused due to improper handling and comparison of file paths, allowing an attacker to bypass signature verification by exploiting environment variable expansion and tricking the application in...
lollms vulnerable to dot-dot-slash path traversal in XTTS server
A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in...
CVE-2024-6139
A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in...
CVE-2024-6139 Path Traversal in parisneo/lollms
A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in...
CVE-2024-6139
CVE-2024-6139 affects the XTTS server in parisneo/lollms v9.6. The issue stems from improper validation of user-provided file paths in the tts_to_file endpoint, enabling path traversal that allows writing audio files to arbitrary locations and enumerating file paths. The CVSSv3 base score is 7.3 ...
CVE-2024-6139 Path Traversal in parisneo/lollms
A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in...
Devika Security Breach
Stition Devika is an advanced AI software engineer at Stition USA that understands advanced human commands, breaks them down into steps, researches the relevant information, and writes code to achieve a given goal. Devika has a security vulnerability that stems from allowing external control over...
Path Traversal
lollms is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse beyond the intended directory and read any file on the Windows system...
LoLLMS Path Traversal vulnerability
A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 9.5.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse...
CVE-2024-1873 Path Traversal and Denial of Service in parisneo/lollms-webui
parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed /selectdatabase endpoint in version a9d16b0. The endpoint improperly handles file paths, allowing attackers to specify absolute paths when interacting with the DiscussionsDB instance. This flaw...
CVE-2024-4881 Path Traversal in parisneo/lollms
A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse...
CVE-2024-4881
CVE-2024-4881 is a path traversal vulnerability in the parisneo/lollms application. Multiple connected documents confirm the issue affects version 9.4.0 and potentially earlier builds, arising from inadequate sanitization of file paths containing backslashes across Windows/Linux contexts, enablin...
CVE-2024-2914
A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this vulnerability could lead to...
CVE-2024-2362
The CVE-2024-2362 entry concerns parisneo/lollms-webui versión 9.3 on Windows, with a path traversal vulnerability in the del_preset endpoint due to inadequate input sanitization. The issue permits an attacker to delete files outside the intended directory by supplying absolute or traversal path...
CVE-2024-2914
The CVE-2024-2914 TarSlip flaw affects the deepjavalibrary/djl project, with vulnerable version 0.26.0 and fixed in 0.27.0. Root cause: improper validation of tar entry file paths during extraction (as seen in files_util.py/extract_imagenet.py). Impact potential includes remote code execution, pr...
Exploit for CVE-2024-4956
CVE-2024-4956 This repository contains a Python utility for a...