2060 matches found
CVE-2024-6648
Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'productitempath' within the 'config' JSON file, allowing them to read any file on the system...
PT-2025-20380
Name of the Vulnerable Software and Affected Versions: AP Page Builder versions prior to 4.0.0 Description: The issue is an Absolute Path Traversal vulnerability that could allow an unauthenticated remote user to modify the product item path within the config JSON file, allowing them to read any fi...
CVE-2025-31554
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in docxpresso Docxpresso docxpresso allows Absolute Path Traversal. This issue affects Docxpresso: from n/a through <= 2.6...
CVE-2025-31554
Docxpresso (WordPress plugin) CVE-2025-31554: Path traversal allows arbitrary file download in Docxpresso versions up to 2.6. Root cause is improper pathname limitation. Exploitation status not detailed in provided docs; Patch status is Unpatched as of the Connected Wordfence listing. Affected: D...
PT-2025-14720 · Unknown · Docxpresso
Name of the Vulnerable Software and Affected Versions: Docxpresso versions n/a through 2.6 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows Absolute Path Traversal in Docxpresso. Recommendations: For...
CVE-2024-10833
eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises...
CVE-2024-10831
In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...
CVE-2024-10834
eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call to os.path.join, enabling an attacker to write files to arbitrary locations on the target server. Thi...
Directory Traversal
Overview: aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Directory Traversal in the LockManager.releaselocks function. An attacker can delete arbitrary files on the filesystem by passing an absolute path to the target file ...
GHSA-J9G7-MQHH-9HXF DB-GPT Absolute Path Traversal in knowledge/{space_name}/document/upload
eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises...
DB-GPT Absolute Path Traversal vulnerability
In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...
GHSA-HHW5-29F6-HF4X DB-GPT Absolute Path Traversal vulnerability
In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...
CVE-2024-10834 Arbitrary File Write in eosphoros-ai/db-gpt
eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call to os.path.join, enabling an attacker to write files to arbitrary locations on the target server. Thi...
CVE-2024-10833 Arbitrary File Write in eosphoros-ai/db-gpt
eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises...