2055 matches found
Weaviate 安全漏洞
Weaviate is an open source vector database from Weaviate Open Source. A security vulnerability exists in Weaviate versions prior to 1.33.4, which originates from an attacker who can escape the root directory during backup restoration using absolute path or directory traversal, potentially resulti...
CVE-2025-67818
An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...
PT-2025-50957
Name of the Vulnerable Software and Affected Versions Weaviate OSS versions prior to 1.33.4 Description An attacker who can insert data into the database can create an entry name containing an absolute path for example, /etc/... or utilize parent directory traversal ../../.. to bypass the restore...
CVE-2025-34392 Barracuda RMM < 2025.1.1 Service Center Absolute Path Traversal RCE
Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload...
Arbitrary File Read via Absolute Path Input in nltk.util.filestring() enabling Local & Remote File Disclosure
This report is not public...
CVE-2025-14253
Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files...
CVE-2025-14253
Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files...
CVE-2025-14253
The CVE-2025-14253 entry concerns Vitals ESP by Galaxy Software Services, noting an Arbitrary File Read via Absolute Path Traversal that could allow privileged remote attackers to download arbitrary system files. The public documents provided do not specify a vulnerable component version, root ca...
PT-2025-49513
Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files...
Galaxy Software Services Vitals ESP 安全漏洞
Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. A security vulnerability exists in Galaxy Software Services Vitals ESP that originates from absolute path traversal and could lead to arbitrary file reading...
CVE-2025-13283
TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could...
CVE-2025-13283
TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could...
CVE-2025-13283 Chunghwa Telecom|TenderDocTransfer - Arbitrary File Copy and Paste
TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could...
CVE-2025-13282
TenderDocTransfer (Chunghwa Telecom) exposes a combination of flaws: (1) an Absolute Path Traversal within one API that could allow deletion of arbitrary files on the user’s system, and (2) APIs with no CSRF protection, enabling unauthenticated remote attackers to trigger actions via phishing. Th...
Chunghwa Telecom TenderDocTransfer 跨站请求伪造漏洞
Chunghwa Telecom TenderDocTransfer is an application from Chunghwa Telecom China. Chunghwa Telecom TenderDocTransfer suffers from a cross-site request forgery vulnerability that stems from a lack of CSRF protection in the API and the presence of absolute path traversal, which could lead to an...
CVE-2025-34238
Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web...
CVE-2025-8051
Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...
EUVD-2025-35109
Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...
CVE-2025-8051
Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...
CVE-2025-8051 Path traversal validation vulnerability has been discovered in opentext Flipper.
Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...