12 matches found
CVE-2023-31250
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...
CVE-2024-2366
A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstallbinding functionality in lollmscore/lollms/server/endpoints/lollmsbindinginfos.py of the latest version. The vulnerability arises due to insufficient path sanitization, allowing...
EUVD-2024-27319
Malicious code in bioql PyPI...
EUVD-2024-47055
Malicious code in bioql PyPI...
Cache Deception
better-call is vulnerable to cache deception. The vulnerability is due to insufficient path sanitization during request processing, which allows an attacker to craft deceptive URLs that mimic static assets and bypass CDN cache exclusion rules...
CVE-2024-5926
A path traversal vulnerability in the get-project-files functionality of stitionai/devika allows attackers to read arbitrary files from the filesystem and cause a Denial of Service (DoS). This issue is present in all versions of the application. The vulnerability arises due to insufficient path...
Path Traversal
github.com/spectolabs/hoverfly is vulnerable to Path Traversal. The vulnerability is due to insufficient path sanitization in the /api/v2/simulation POST handler, allowing an attacker to escape the intended base directory and access arbitrary files on the server by manipulating file paths using ...
parisneo/lollms Local File Inclusion (LFI) attack
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The sanitizepathfromendpoint function fails to properly sanitize Windows-style paths (backward slash), allowing attackers to perform directory traversal attacks on Windows systems...
CVE-2024-4315
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The sanitizepathfromendpoint function fails to properly sanitize Windows-style paths (backward slash), allowing attackers to perform directory traversal attacks on Windows systems...
CVE-2024-2366 Remote Code Execution in parisneo/lollms-webui
A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstallbinding functionality in lollmscore/lollms/server/endpoints/lollmsbindinginfos.py of the latest version. The vulnerability arises due to insufficient path sanitization, allowing...
PT-2024-20009 · Parisneo · Lollms-Webui
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version latest
Description: A remote code execution issue exists due to insufficient path sanitization in the reinstall binding functionality. This allows an attacker to exploit path traversal and navigate to arbitrary...