117 matches found
EUVD-2024-52714
Malicious code in bioql PyPI...
EUVD-2021-9291
Malicious code in bioql PyPI...
EUVD-2024-27392
Malicious code in bioql PyPI...
EUVD-2023-1112
Malicious code in bioql PyPI...
EUVD-2022-47256
Malicious code in bioql PyPI...
EUVD-2022-34502
Malicious code in bioql PyPI...
CVE-2012-10024
XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw ...
CVE-2013-10062
A directory traversal vulnerability exists in Linksys router's web interface tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05, specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the nextpage POST parameter to access arbitrary files outside the...
CVE-2010-10012
A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a specially crafted GET request containing a sequence of URL-encoded backslashes and directory traversal...
CVE-2025-34120 LimeSurvey 2.0+ - 2.06+ Unauthenticated Arbitrary File Download via Serialized Backup Payload
An unauthenticated file download vulnerability exists in LimeSurvey versions from 2.0+ up to and including 2.06+ Build 151014. The application fails to validate serialized input to the admin backup endpoint index.php/admin/update/sa/backup, allowing attackers to specify arbitrary file paths using...
PT-2025-29892 · Lilin · Lilin Digital Video Recorder
Name of the Vulnerable Software and Affected Versions: LILIN Digital Video Recorder DVR versions prior to 2.0b60 20200207 Description: An unauthenticated arbitrary file read issue exists in LILIN Digital Video Recorder DVR devices. This allows attackers to read sensitive configuration files, such...
Path Traversal
llamaindexreadersobsidian is vulnerable to path traversal. The vulnerability is due to improper handling of hardlinks in the loaddata method of the ObsidianReader class, which allows an attacker to bypass path restrictions and access sensitive files such as /etc/passwd...
Directory Traversal
Dagster is vulnerable to Directory Traversal. The vulnerability is due to improper input sanitization due to the /logs endpoint allowing crafted requests that can access sensitive files, particularly those with names starting with a dot...
GHSA-3J8R-JF9W-5CMH LlamaIndex vulnerability in its ObsidianReader class can lead to Path Traversal exploit
A vulnerability in the ObsidianReader class of the run-llama/llamaindex repository, before version 0.5.2 specifically in version 0.12.27 of llama-index, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as...
PT-2025-26687 · Unknown · Sysmonelixir
Name of the Vulnerable Software and Affected Versions: SysmonElixir versions prior to 1.0.1 Description: The issue concerns SysmonElixir, a system monitor HTTP service in Elixir. Prior to version 1.0.1, the "/read" endpoint reads any file from the server's file system, including sensitive files...
CVE-2025-34023
A path traversal vulnerability exists in the Karel IP1211 IP Phone's web management panel. The /cgi-bin/cgiServer.exx endpoint fails to properly sanitize user input to the page parameter, allowing remote authenticated attackers to access arbitrary files on the underlying system by using crafted...
PT-2025-25675 · Unknown · Mojoomla Wpgym
Name of the Vulnerable Software and Affected Versions: mojoomla WPGYM versions n/a through 65.0 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. This allows PHP Local File...
CVE-2020-26065
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP...
Exploit for CVE-2025-31125
CVE-2025-31125 Exploit - Vite WASM Import Path Traversal 🛡️ T...
CVE-2025-27920
Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...