PT-2026-1351

Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, has an issue where versions 3.13.2 and below allow an attacker to determine the existence of absolute path components...

PT-2026-1222

Name of the Vulnerable Software and Affected Versions QOCA aim AI Medical Cloud Platform affected versions not specified Description The QOCA aim AI Medical Cloud Platform developed by Quanta Computer contains a Path Traversal issue. Authenticated remote attackers can exploit an Absolute Path...

PT-2026-1223

Name of the Vulnerable Software and Affected Versions QOCA aim AI Medical Cloud Platform affected versions not specified Description The QOCA aim AI Medical Cloud Platform developed by Quanta Computer contains a Path Traversal flaw. Authenticated remote attackers can exploit an Absolute Path...

Quanta QOCA aim AI Medical Cloud Platform 安全漏洞

Quanta QOCA aim AI Medical Cloud Platform is an artificial intelligence AI medical cloud computing integration platform from Quanta, a Taiwan, China-based company that provides comprehensive AI model development tools covering the entire process from AI development to clinical applications. A...

CVE-2025-15227

BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

EUVD-2025-205564

BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

CVE-2025-15227 WELLTEND TECHNOLOGY｜ BPMFlowWebkit - Arbitrary File Read

BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

CVE-2025-15227 WELLTEND TECHNOLOGY｜ BPMFlowWebkit - Arbitrary File Read

BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

PT-2025-53703

Name of the Vulnerable Software and Affected Versions BPMFlowWebkit affected versions not specified Description BPMFlowWebkit developed by WELLTEND TECHNOLOGY has an issue that allows unauthenticated remote attackers to download arbitrary system files by exploiting Absolute Path Traversal. The...

EUVD-2025-205449

Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL or a portion of it directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to th...

CVE-2025-57403

Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL or a portion of it directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to th...

CVE-2025-57403

Cola Dnslog v1.3.2 is affected by a Directory Traversal vulnerability in the DNS TXT query handling. The root cause is the application concatenating the requested URL (or a portion) with a base path via os.path.join, allowing directory traversal or absolute path injection and potentially exposing...

CVE-2025-14848

Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files...

CVE-2025-14848 Advantech WebAccess/SCADA Absolute Path Traversal

Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files...

CVE-2025-14848

Advantech WebAccess/SCADA is affected by an absolute directory traversal vulnerability that may allow an attacker to determine the existence of arbitrary files. Affected product: Advantech WebAccess/SCADA. Root cause: absolute path traversal leading to potential information disclosure. Impact: al...

Advantech WebAccess/SCADA 安全漏洞

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. Advantech WebAccess/SCADA suffers from a...

CVE-2025-34442

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...

CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

Weaviate 安全漏洞

Weaviate is an open source vector database from Weaviate Open Source. A security vulnerability exists in Weaviate versions prior to 1.33.4, which originates from an attacker who can escape the root directory during backup restoration using absolute path or directory traversal, potentially resulti...