67 matches found
PT-2025-50958
Name of the Vulnerable Software and Affected Versions: Weaviate OSS versions prior to 1.33.4 Description: A flaw exists in Weaviate OSS that allows an attacker to read arbitrary files accessible to the service process. This occurs because of insufficient validation of the fileName field during file...
CVE-2025-67819
An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...
EUVD-2025-21180
Malicious code in bioql PyPI...
CVE-2025-10709 Four-Faith Water Conservancy Informatization Platform historyDownload.do;otheruserLogin.do;getfile path traversal
A vulnerability was detected in Four-Faith Water Conservancy Informatization Platform 1.0. Affected by this issue is some unknown functionality of the file /history/historyDownload.do;otheruserLogin.do;getfile. The manipulation of the argument fileName results in path traversal. The attack can be...
CVE-2025-10709
CVE-2025-10709 affects Four-Faith Water Conservancy Informatization Platform 1.0. The vulnerability resides in path traversal via the fileName parameter in the files /history/historyDownload.do, /otheruserLogin.do, and /getfile. It can be exploited remotely, and public exploitation information ex...
PT-2025-38528
Name of the Vulnerable Software and Affected Versions: Four-Faith Water Conservancy Informatization Platform version 1.0 Description: A path traversal vulnerability exists due to the manipulation of the fileName argument. This issue affects some unknown functionality within the files...
CVE-2025-7452 kone-net go-chat Endpoint file_controller.go GetFile path traversal
A vulnerability was found in kone-net go-chat up to f9e58d0afa9bbdb31faf25e7739da330692c4c63. It has been declared as critical. This vulnerability affects the function GetFile of the file go-chat/api/v1/file_controller.go of the component Endpoint. The manipulation of the argument fileName leads t...
CVE-2025-7452
CVE-2025-7452 affects kone-net go-chat (Endpoint component). The GetFile function in go-chat/api/v1/file_controller.go is vulnerable to path traversal via the fileName argument, allowing remote exploitation. Exploitation is disclosed publicly; credits indicate a Proof-of-Concept. The rolling-rele...
CVE-2023-1046
A vulnerability classified as critical has been found in MuYuCMS 2.2. This affects an unknown part of the file /admin.php/update/getFile.html. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed ...
CVE-2021-32961
A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. This can result in the execution of an unzip command and place a malicious .exe file in one of the locations the function loo...
Systemic RiskValue security vulnerability
Systemic RiskValue is a tool or framework for assessing the value of financial systemic risk from Systemic, Inc. It is used to measure and analyze the potential losses that could result from financial systemic risk. A security vulnerability exists in Systemic RiskValue 2.8.0 and earlier versions,...
Systemic RiskValue security vulnerability
Systemic RiskValue is a tool or framework for assessing the value of financial systemic risk from Systemic, Inc. It is used to measure and analyze the potential losses that could result from financial systemic risk. A security vulnerability exists in Systemic RiskValue version 2.8.0 and prior...
CVE-2024-33863
An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file inclusion...
CVE-2024-33865
CVE-2024-33865 affects linqi prior to 1.4.0.1 on Windows, where an NTLM hash leak can occur via the endpoints /api/Cdn/GetFile and /api/DocumentTemplate/{GUID}. Multiple connected sources corroborate the issue and specify that upgrading to version 1.4.0.1 or later resolves the vulnerability. A pr...
CVE-2024-33863
The CVE-2024-33863 issue affects linqi prior to 1.4.0.1 on Windows, with a local file inclusion vulnerability exposed via the /api/Cdn/GetFile endpoint. The root cause is not explicitly stated in the provided documents, but the impact is high (CVE metrics indicate Confidentiality, Integrity, and ...
PT-2024-25520 · Linqi · Linqi
Name of the Vulnerable Software and Affected Versions: linqi versions prior to 1.4.0.1 Description: An issue was discovered that leads to an NTLM hash leak. This occurs via the "api/Cdn/GetFile" and "api/DocumentTemplate/GUID" endpoints. Recommendations: For versions prior to 1.4.0.1, update to...
CVE-2024-0505
A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the component Upload Material Menu. The manipulation leads to unrestricted upload. The exploit has bee...
CVE-2024-0505 ZhongFuCheng3y Austin Upload Material Menu MaterialController.java getFile unrestricted upload
A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the component Upload Material Menu. The manipulation leads to unrestricted upload. The exploit has bee...