2 matches found
PT-2025-26240 · Upsonic · Upsonic
Name of the Vulnerable Software and Affected Versions: Upsonic versions up to 0.55.6
Description: A critical vulnerability was found in Upsonic, affecting the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit...
CVE-2024-7037
Open WebUI project (open-webui) v0.3.8 has a path traversal/Arbitrary File Write and Delete vulnerability in the /api/pipelines/upload endpoint caused by unsanitized file.filename concatenation with CACHE_DIR. This allows an attacker to overwrite or delete system files and could lead to remote co...