Lucene search
K

2060 matches found

NVD
NVD
added 2025/05/08 1:15 p.m.33 views

CVE-2024-6648

Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'productitempath' within the 'config' JSON file, allowing them to read any file on the system...

8.7CVSS0.00555EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/08 12:0 a.m.13 views

PT-2025-20380

Name of the Vulnerable Software and Affected Versions AP Page Builder versions prior to 4.0.0 Description The issue is an Absolute Path Traversal vulnerability that could allow an unauthenticated remote user to modify the product item path within the config JSON file, allowing them to read any fi...

8.7CVSS5.9AI score0.00555EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2025/04/05 2:35 p.m.17 views

CVE-2025-31554

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in docxpresso Docxpresso docxpresso allows Absolute Path Traversal.This issue affects Docxpresso: from n/a through = 2.6...

5.9CVSS7.2AI score0.00417EPSS
Exploits0References1
NVD
NVD
added 2025/04/03 2:15 p.m.6 views

CVE-2025-31554

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in docxpresso Docxpresso docxpresso allows Absolute Path Traversal.This issue affects Docxpresso: from n/a through = 2.6...

5.9CVSS0.00417EPSS
Exploits0References1
CVE
CVE
added 2025/04/03 1:27 p.m.44 views

CVE-2025-31554

Docxpresso (WordPress plugin) CVE-2025-31554: Path traversal allows arbitrary file download in Docxpresso versions up to 2.6. Root cause is improper pathname limitation. Exploitation status not detailed in provided docs; Patch status is Unpatched as of the Connected Wordfence listing. Affected: D...

5.9CVSS7.2AI score0.00417EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/03 12:0 a.m.6 views

PT-2025-14720 · Unknown · Docxpresso

Name of the Vulnerable Software and Affected Versions: Docxpresso versions n/a through 2.6 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows Absolute Path Traversal in Docxpresso. Recommendations: For...

5.9CVSS9.4AI score0.00417EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/22 12:16 p.m.10 views

CVE-2024-10833

eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises...

9.1CVSS7.1AI score0.00769EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 12:9 p.m.7 views

CVE-2024-10831

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

9.1CVSS7AI score0.00769EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 12:1 p.m.7 views

CVE-2024-10834

eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call to os.path.join, enabling an attacker to write files to arbitrary locations on the target server. Thi...

9.1CVSS7AI score0.00593EPSS
Exploits1References1
Snyk
Snyk
added 2025/03/20 12:32 p.m.5 views

Directory Traversal

Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Directory Traversal in the LockManager.releaselocks function. An attacker can delete arbitrary files on the filesystem by passing an absolute path to the target file ...

9.1CVSS7.6AI score0.00849EPSS
Exploits1References2
OSV
OSV
added 2025/03/20 12:32 p.m.8 views

GHSA-J9G7-MQHH-9HXF DB-GPT Absolute Path Traversal in knowledge/{space_name}/document/upload

eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises...

9.1CVSS7.2AI score0.00769EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.10 views

DB-GPT Absolute Path Traversal vulnerability

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

9.1CVSS7.2AI score0.00769EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/03/20 12:32 p.m.5 views

GHSA-HHW5-29F6-HF4X DB-GPT Absolute Path Traversal vulnerability

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

9.1CVSS7.2AI score0.00769EPSS
Exploits1References3
NVD
NVD
added 2025/03/20 10:15 a.m.6 views

CVE-2024-10831

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

9.1CVSS0.00769EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:15 a.m.5 views

CVE-2024-10834

eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call to os.path.join, enabling an attacker to write files to arbitrary locations on the target server. Thi...

9.1CVSS9.2AI score
Exploits0References1
NVD
NVD
added 2025/03/20 10:15 a.m.4 views

CVE-2024-10834

eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call to os.path.join, enabling an attacker to write files to arbitrary locations on the target server. Thi...

9.1CVSS0.00593EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:15 a.m.4 views

CVE-2024-10833

eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises...

9.1CVSS7.2AI score
Exploits0References1
OSV
OSV
added 2025/03/20 10:15 a.m.4 views

CVE-2024-10831

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

9.1CVSS7.2AI score
Exploits0References1
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.11 views

CVE-2024-10834 Arbitrary File Write in eosphoros-ai/db-gpt

eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call to os.path.join, enabling an attacker to write files to arbitrary locations on the target server. Thi...

9.1CVSS0.00593EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.6 views

CVE-2024-10833 Arbitrary File Write in eosphoros-ai/db-gpt

eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises...

9.1CVSS9.3AI score0.00769EPSS
Exploits1References1
Rows per page
Query Builder