Lucene search
+L

274 matches found

RedhatCVE
RedhatCVE
added 2025/12/20 5:12 p.m.6 views

CVE-2025-68478

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's fspath, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction,...

7.1CVSS7AI score0.03631EPSS
Exploits1References1
OSV
OSV
added 2025/12/19 6:15 p.m.7 views

PYSEC-2025-125

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's fspath, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction,...

7.1CVSS5.9AI score0.03631EPSS
Exploits1References1
NVD
NVD
added 2025/12/18 10:16 a.m.4 views

CVE-2025-13641

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.59.12 via the 'template' shortcode parameter. This is due to insufficient path validation that allows absolute paths to be provided...

8.8CVSS0.00707EPSS
Exploits0References4
OSV
OSV
added 2025/12/17 7:48 p.m.4 views

CVE-2025-34442 AVideo < 20.1 System Path Disclosure via Public API

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...

6.9CVSS5.9AI score0.00744EPSS
Exploits2References6
Cvelist
Cvelist
added 2025/12/17 7:48 p.m.32 views

CVE-2025-34442 AVideo < 20.1 System Path Disclosure via Public API

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...

6.9CVSS0.00744EPSS
Exploits2References4
EUVD
EUVD
added 2025/12/12 6:30 p.m.6 views

EUVD-2025-203094

Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip...

7.2CVSS6.3AI score0.00785EPSS
Exploits0References5
NVD
NVD
added 2025/12/12 5:15 p.m.8 views

CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

7.2CVSS0.00785EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/12 4:38 p.m.1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the Backup ZipSlip. An attacker can create or overwrite files in arbitrary locations within the application's privilege scope by inserting data entries with absolute paths or parent directory traversal sequences...

8.7CVSS7.5AI score0.00785EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/12 4:38 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the Backup ZipSlip. An attacker can create or overwrite files in arbitrary locations within the application's privilege scope by inserting data entries with absolute paths or parent directory traversal sequences...

8.7CVSS7.5AI score0.00785EPSS
Exploits0References2
OSV
OSV
added 2025/12/12 12:0 a.m.6 views

CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

7.2CVSS7AI score0.00785EPSS
Exploits0References4
OSV
OSV
added 2025/11/17 8:15 p.m.4 views

CVE-2025-36357

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system...

8CVSS5.9AI score0.0077EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/10 12:0 a.m.7 views

Qualys Cloud Agent 安全漏洞

Qualys Cloud Agent is a lightweight application from Qualys, Inc. A single agent for real-time, global visibility and response. A security vulnerability exists in Qualys Cloud Agent that stems from not using absolute paths and not cleaning up the $PATH environment variable, which could lead to...

6.3CVSS7AI score0.00166EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2004-0813

Malware in sbrugna...

7.5CVSS6AI score0.04887EPSS
Exploits1References20
EUVD
EUVD
added 2025/10/03 8:7 p.m.29 views

EUVD-2022-6481

Malicious code in bioql PyPI...

6.1CVSS4.8AI score0.00414EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/09/04 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2013-1831

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive informatio...

5CVSS5.5AI score0.01393EPSS
Exploits0References2
OSV
OSV
added 2025/09/02 5:12 p.m.32 views

GHSA-9GH8-9R95-3FC3 MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction

Summary The vulnerability allows any user to overwrite any files available under the account privileges of the running process. Details As part of static analysis, iOS MobSF supports loading and parsing statically linked libraries .a. When parsing such archives, the code extracts the embedded...

6.5CVSS6.7AI score0.0056EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/08/18 12:0 a.m.72 views

NamelessMC 信息泄露漏洞

NamelessMC is a free, easy to use and powerful website software from the NamelessMC team. For your Minecraft server, which contains tons of features. An information disclosure vulnerability exists in NamelessMC versions prior to 2.2.4, which stems from the disclosure of sensitive information and...

5.3CVSS6.1AI score0.00399EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2021-32804

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The npm package tar aka node-tar before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient...

8.2CVSS6.8AI score0.15014EPSS
Exploits1References2
OSV
OSV
added 2025/07/25 7:15 p.m.2 views

CVE-2025-52452

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Salesforce Tableau Server on Windows, Linux tabdoc api - duplicate-data-source modules allows Absolute Path Traversal. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3....

8.5CVSS5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:10 a.m.18 views

CVE-2022-36007

Venice is a Clojure inspired sandboxed Lisp dialect with excellent Java interoperability. A partial path traversal issue exists within the functions load-file and load-resource. These functions can be limited to load files from a list of load paths. Assuming Venice has been configured with the lo...

6.1CVSS6.4AI score0.00414EPSS
Exploits1
Rows per page
Query Builder