Lucene search
K

2055 matches found

CNNVD
CNNVD
added 2025/12/12 12:0 a.m.4 views

Weaviate 安全漏洞

Weaviate is an open source vector database from Weaviate Open Source. A security vulnerability exists in Weaviate versions prior to 1.33.4, which originates from an attacker who can escape the root directory during backup restoration using absolute path or directory traversal, potentially resulti...

7.2CVSS6.6AI score0.00771EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/12 12:0 a.m.1 views

CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

6.8AI score0.00771EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.5 views

PT-2025-50957

Name of the Vulnerable Software and Affected Versions Weaviate OSS versions prior to 1.33.4 Description An attacker who can insert data into the database can create an entry name containing an absolute path for example, /etc/... or utilize parent directory traversal ../../.. to bypass the restore...

7.2CVSS6.5AI score0.00771EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/12/10 3:44 p.m.44 views

CVE-2025-34392 Barracuda RMM < 2025.1.1 Service Center Absolute Path Traversal RCE

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload...

10CVSS0.22007EPSS
Exploits1References4
Huntr
Huntr
added 2025/12/09 7:18 p.m.8 views

Arbitrary File Read via Absolute Path Input in nltk.util.filestring() enabling Local & Remote File Disclosure

This report is not public...

8.6CVSS5.8AI score0.00428EPSS
Exploits1
NVD
NVD
added 2025/12/08 8:15 a.m.3 views

CVE-2025-14253

Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

6.9CVSS0.00407EPSS
Exploits0References2
OSV
OSV
added 2025/12/08 8:15 a.m.7 views

CVE-2025-14253

Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

6.9CVSS6AI score0.00407EPSS
Exploits0References2
CVE
CVE
added 2025/12/08 7:38 a.m.7 views

CVE-2025-14253

The CVE-2025-14253 entry concerns Vitals ESP by Galaxy Software Services, noting an Arbitrary File Read via Absolute Path Traversal that could allow privileged remote attackers to download arbitrary system files. The public documents provided do not specify a vulnerable component version, root ca...

6.9CVSS6.8AI score0.00407EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/08 12:0 a.m.3 views

PT-2025-49513

Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

6.9CVSS7.1AI score0.00407EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/08 12:0 a.m.4 views

Galaxy Software Services Vitals ESP 安全漏洞

Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. A security vulnerability exists in Galaxy Software Services Vitals ESP that originates from absolute path traversal and could lead to arbitrary file reading...

6.9CVSS6.8AI score0.00407EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/18 3:58 a.m.7 views

CVE-2025-13283

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could...

7.1CVSS6.8AI score0.00203EPSS
Exploits0References1
OSV
OSV
added 2025/11/17 4:15 a.m.3 views

CVE-2025-13283

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could...

7CVSS6AI score0.00203EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/17 3:30 a.m.4 views

CVE-2025-13283 Chunghwa Telecom|TenderDocTransfer - Arbitrary File Copy and Paste

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could...

7.1CVSS6.5AI score0.00203EPSS
Exploits0References2
CVE
CVE
added 2025/11/17 3:24 a.m.14 views

CVE-2025-13282

TenderDocTransfer (Chunghwa Telecom) exposes a combination of flaws: (1) an Absolute Path Traversal within one API that could allow deletion of arbitrary files on the user’s system, and (2) APIs with no CSRF protection, enabling unauthenticated remote attackers to trigger actions via phishing. Th...

8.1CVSS6.7AI score0.00227EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/11/17 12:0 a.m.3 views

Chunghwa Telecom TenderDocTransfer 跨站请求伪造漏洞

Chunghwa Telecom TenderDocTransfer is an application from Chunghwa Telecom China. Chunghwa Telecom TenderDocTransfer suffers from a cross-site request forgery vulnerability that stems from a lack of CSRF protection in the API and the presence of absolute path traversal, which could lead to an...

8.1CVSS6.8AI score0.00227EPSS
Exploits0References2
OSV
OSV
added 2025/11/06 8:15 p.m.4 views

CVE-2025-34238

Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web...

6.5CVSS5.9AI score0.00341EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/21 8:29 p.m.11 views

CVE-2025-8051

Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...

6.5CVSS6.8AI score0.00359EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/20 9:30 p.m.3 views

EUVD-2025-35109

Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...

5.3CVSS6.3AI score0.00359EPSS
Exploits0References2
OSV
OSV
added 2025/10/20 8:15 p.m.4 views

CVE-2025-8051

Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...

6.5CVSS5.8AI score0.00359EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/20 7:55 p.m.8 views

CVE-2025-8051 Path traversal validation vulnerability has been discovered in opentext Flipper.

Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...

5.3CVSS0.00359EPSS
Exploits0References1
Rows per page
Query Builder