
2184 matches found

BDU FSTEC
added 2025/04/28 12:0 a.m. | 3 views

The vulnerability of the software for Hitachi Energy’s equipment control and management systems, Hitachi Energy MicroSCADA X SYS600 and Pro SYS600, arises from incorrect restrictions on the path name to the restricted-access catalog. This allows attackers to gain access to read, modify, and delete system files.

The vulnerability of the software for controlling and managing equipment in Hitachi Energy’s MicroSCADA X SYS600 and Pro SYS600 systems lies in improper restrictions on the path name to the restricted-access catalog. Exploiting this vulnerability could allow a malicious actor to gain read, modify...

CVSS: 9.9 | AI score: 8 | EPSS: 0.00611
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2025/04/23 6:15 a.m. | 3 views

CVE-2025-0926

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video. Axis has released a patched version for the highlighted flaw. Please refer to the Ax...

CVSS: 7.3 | AI score: 5.8 | EPSS: 0.00187
Exploits: 0 | References: 1

GithubExploit
added 2025/04/22 5:0 a.m. | 99 views

cve

Vulnerability Title: Arbitrary File Read in QCMS Authenticate...

AI score: 6.5
Exploits: 0

NVD
added 2025/04/16 1:15 p.m. | 12 views

CVE-2025-1982

Local File Inclusion vulnerability in Ready's attachment upload panel allows a low-privileged user to provide a link to a local file using the file:// protocol, thus allowing the attacker to read the content of the file. This vulnerability can be used to read the content of system files...

CVSS: 7.1 | EPSS: 0.0048
Exploits: 0 | References: 3

Vulnrichment
added 2025/04/16 12:36 p.m. | 7 views

CVE-2025-1982 Local File Inclusion in Ready_

Local File Inclusion vulnerability in Ready's attachment upload panel allows a low-privileged user to provide a link to a local file using the file:// protocol, thus allowing the attacker to read the content of the file. This vulnerability can be used to read the content of system files...

CVSS: 7.1 | AI score: 6.6 | EPSS: 0.0048
Exploits: 0 | References: 3

CNNVD
added 2025/04/14 12:0 a.m. | 1 view

Yonyou YonBIP MA Path Traversal Vulnerability

YonBIP is a new generation of products developed by UFIDA, as the world's leading enterprise digital intelligence platform and application software. A path traversal vulnerability exists in YonBIP, which originates from improper operation of the parameter path in the file /mobsm/common/userfile,...

CVSS: 5.3 | AI score: 6.6 | EPSS: 0.00491
Exploits: 0 | References: 5

CNNVD
added 2025/04/08 12:0 a.m. | 1 view

SAP Capital Yield Tax Management Security Vulnerability

SAP Capital Yield Tax Management is a tool for capital gains tax calculation, reporting and compliance management from SAP. A directory traversal vulnerability exists in SAP Capital Yield Tax Management, which can be exploited by an attacker to submit a special request to view the contents of...

CVSS: 7.7 | AI score: 6.7 | EPSS: 0.00743
Exploits: 0 | References: 4

CNNVD
added 2025/04/08 12:0 a.m. | 1 view

SAMSUNG Mobile devices Security Vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Apr-2025 Release 1, which stems from improper handling of permissions...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00142
Exploits: 0 | References: 2

RedhatCVE
added 2025/04/03 12:17 a.m. | 5 views

CVE-2025-30446

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app with root privileges may be able to modify the contents of system files...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00811
Exploits: 0 | References: 1

Huntr
added 2025/04/01 10:18 p.m. | 4 views

Hardlink-Based Path Traversal in ObsidianReader

Overview: A vulnerability has been identified in the ObsidianReader class from llamaindex.readers.obsidian. This vulnerability allows an attacker to bypass the path restriction mechanism using hardlinks, enabling unauthorized access to sensitive system files such as /etc/passwd. Affected Componen...

CVSS: 6.2 | AI score: 6.8 | EPSS: 0.0029
Exploits: 1

OSV
added 2025/03/31 11:15 p.m. | 1 view

CVE-2025-30446

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app with root privileges may be able to modify the contents of system files...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.00811
Exploits: 0 | References: 6

NVD
added 2025/03/31 11:15 p.m. | 7 views

CVE-2025-30446

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app with root privileges may be able to modify the contents of system files...

CVSS: 6.5 | EPSS: 0.00811
Exploits: 0 | References: 6

CNNVD
added 2025/03/31 12:0 a.m. | 3 views

Apple macOS Buffer Error Vulnerability

Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sequoia that originates from a malicious application with root privileges that may modify the contents of system files...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00811
Exploits: 0 | References: 5

RedhatCVE
added 2025/03/22 1:7 p.m. | 9 views

CVE-2024-10948

A vulnerability in the upload function of binary-husky/gptacademic allows any user to read arbitrary files on the system, including sensitive files such as config.py. This issue affects the latest version of the product. An attacker can exploit this vulnerability by intercepting the websocket...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00719
Exploits: 1 | References: 1

RedhatCVE
added 2025/03/22 12:1 p.m. | 4 views

CVE-2024-10834

eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call to os.path.join, enabling an attacker to write files to arbitrary locations on the target server. Thi...

CVSS: 9.1 | AI score: 7 | EPSS: 0.00552
Exploits: 1 | References: 1

OSV
added 2025/03/20 12:32 p.m. | 5 views

GHSA-227R-W5J2-6243 InvokeAI Arbitrary File Deletion vulnerability

In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...

CVSS: 9.1 | AI score: 7.1 | EPSS: 0.012
Exploits: 0 | References: 4

Github Security Blog
added 2025/03/20 12:32 p.m. | 7 views

InvokeAI Arbitrary File Deletion vulnerability

In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...

CVSS: 9.1 | AI score: 9.2 | EPSS: 0.012
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2025/03/20 10:15 a.m. | 7 views

CVE-2024-11042

In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...

CVSS: 9.1 | AI score: 7.1
Exploits: 0 | References: 2

Cvelist
added 2025/03/20 10:9 a.m. | 9 views

CVE-2024-10361 Arbitrary File Deletion via Path Traversal in danny-avila/librechat

An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /api/files endpoint. This vulnerability arises from improper input validation, allowing path traversal techniques to delete arbitrary files on the server. Attackers can exploit thi...

CVSS: 8.1 | EPSS: 0.0085
Exploits: 1 | References: 2

CVE
added 2025/03/20 10:8 a.m. | 46 views

CVE-2024-11042

CVE-2024-11042 affects invoke-ai/invokeai v5.0.2. The web API endpoint POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion, enabling an attacker to delete arbitrary server files (e.g., SSH keys, SQLite databases, configuration files), potentially compromising integrity and availa...

CVSS: 9.1 | AI score: 9.3 | EPSS: 0.012
Exploits: 0 | References: 2