
890 matches found

Cvelist
added 2025/04/02 3:20 a.m., 13 views

CVE-2025-25060

Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker...

CVSS 8.2, EPSS 0.00466
Exploits: 0, References: 2

OSV
added 2025/04/01 2:56 p.m., 12 views

CVE-2025-31131 Path Traversal allowing arbitrary read of files in Yeswiki

YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2...

CVSS 8.6, AI score 8.7, EPSS 0.05401
Exploits: 6, References: 4

CNNVD
added 2025/04/01 12:00 a.m., 4 views

YesWiki Path Traversal Vulnerability

YesWiki is a wiki system written in PHP by the French organization YesWiki. It is used to create and manage websites in a collaborative manner. A path traversal vulnerability exists in YesWiki versions prior to 4.5.2, which stems from the squelette parameter being vulnerable to a path traversal...

CVSS 8.6, AI score 9, EPSS 0.05401
Exploits: 6, References: 4

Snyk
added 2025/03/20 12:32 p.m., 4 views

Directory Traversal

Overview: agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Directory Traversal through the path parameter due to improper input sanitization. An attacker can read arbitrary files on the server by manipulating the input to...

CVSS 8.7, AI score 7.6, EPSS 0.00713
Exploits: 1, References: 2

NVD
added 2025/03/20 10:15 a.m., 6 views

CVE-2024-8982

A Local File Inclusion (LFI) vulnerability in OpenLLM version 0.6.10 allows attackers to include files from the local server through the web application. This flaw could expose internal server files and potentially sensitive information such as configuration files, passwords, and other critical dat...

CVSS 6.2, EPSS 0.00748
Exploits: 0, References: 1

Positive Technologies
added 2025/03/20 12:00 a.m., 7 views

PT-2025-12277

Name of the Vulnerable Software and Affected Versions: Polyaxon version latest. Description: A directory traversal vulnerability exists, allowing an attacker to retrieve directory information and file contents from the server without proper authorization. This leads to sensitive information disclosu...

CVSS 7.5, AI score 5.4, EPSS 0.04245
Exploits: 0, References: 4

CNNVD
added 2025/03/20 12:00 a.m., 2 views

DB-GPT Security Vulnerability

DB-GPT is an AWEL and agent-based AI native data application development framework open-sourced by eosphoros. A security vulnerability exists in DB-GPT version 0.6.0, which stems from a path traversal vulnerability in the API endpoint /v1/resource/file/delete, which allows an attacker to delete...

CVSS 8.2, AI score 8.1, EPSS 0.0067
Exploits: 1, References: 1

OSV
added 2025/03/14 5:15 a.m., 3 views

CVE-2025-2056

The WP Ghost Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.4.01 via the showFile function. This makes it possible for unauthenticated attackers to read the contents of specific file types on the server, which ca...

CVSS 7.5, AI score 5.8, EPSS 0.00529
Exploits: 0, References: 2

OSV
added 2025/03/10 6:29 p.m., 0 views

GHSA-V232-254C-M6P7 LocalS3 Project Vulnerable to XML External Entity (XXE) Injection via Bucket Tagging API

Description: The LocalS3 project, an S3-compatible storage service, is vulnerable to XML External Entity (XXE) injection through its bucket tagging API. The vulnerability exists because the application processes XML input without properly disabling external entity resolution. When processing XML dat...

CVSS 6.9, AI score 6
Exploits: 0, References: 3

OSV
added 2025/03/10 6:29 p.m., 0 views

GHSA-2466-4485-4PXJ LocalS3 Project Bucket Operations Vulnerable to XML External Entity (XXE) Injection

Description: The LocalS3 project contains an XML External Entity (XXE) Injection vulnerability in its bucket operations that process XML data. Specifically, the vulnerability exists in the bucket ACL and bucket tagging operations. The application processes XML input without properly disabling extern...

CVSS 6.9, AI score 6.1
Exploits: 0, References: 3

RedhatCVE
added 2025/03/09 8:37 a.m., 5 views

CVE-2024-12036

The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the getwidgetsettingsjson function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the...

CVSS 7.5, AI score 6.4, EPSS 0.00348
Exploits: 0, References: 1

CNNVD
added 2025/03/07 12:00 a.m., 1 view

WordPress plugin CS Framework Path Traversal Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...

CVSS 8.8, AI score 8.8, EPSS 0.00805
Exploits: 0, References: 4

CNNVD
added 2025/03/07 12:00 a.m., 2 views

WordPress plugin Ultimate Video Player Path Traversal Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...

CVSS 7.5, AI score 8.8, EPSS 0.00811
Exploits: 0, References: 4

RedhatCVE
added 2025/03/02 7:20 a.m., 12 views

CVE-2025-0764

The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with subscriber-level privileges or higher...

CVSS 6.5, AI score 6.7, EPSS 0.00346
Exploits: 0, References: 1

Cvelist
added 2025/03/01 6:39 a.m., 11 views

CVE-2025-1730 Simple Download Counter <= 2.0 - Authenticated (Author+) Arbitrary File Read

The Simple Download Counter plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.0 via the 'simpledownloadcounterdownloadhandler'. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data includi...

CVSS 6.5, EPSS 0.00399
Exploits: 0, References: 4

Vulnrichment
added 2025/02/18 12:11 a.m., 6 views

CVE-2025-25223

The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained...

CVSS 5.8, AI score 5.7, EPSS 0.00587
Exploits: 0, References: 3

OSV
added 2025/02/14 11:15 a.m., 3 views

CVE-2024-13791

Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server,...

CVSS 4.9, AI score 7.4, EPSS 0.00614
Exploits: 0, References: 4

Cvelist
added 2025/02/10 6:50 p.m., 11 views

CVE-2024-8550 Local File Inclusion (LFI) in modelscope/agentscope

A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue aris...

CVSS 7.5, EPSS 0.0048
Exploits: 1, References: 1

BDU FSTEC
added 2025/02/06 12:00 a.m., 3 views

The vulnerability of the cloud integrated development environment (IDE) Atheos lies in the lack of file loading restrictions, which allows attackers to read, modify, or execute any files on the server.

The vulnerability of the cloud integrated development environment (IDE) Atheos relates to the absence of file loading restrictions. Exploiting this vulnerability allows a malicious actor to remotely read, modify, or execute any files on the server...

CVSS 9.1, AI score 5.6, EPSS 0.00628
Exploits: 0, References: 3

NVD
added 2025/02/04 7:15 p.m., 15 views

CVE-2024-48019

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Files or Directories Accessible to External Parties vulnerability in Apache Doris. Application administrators can read arbitrary files from the server filesystem through path traversal. Users are recommended to upgrade ...

CVSS 5.4, EPSS 0.00924
Exploits: 0, References: 2