CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2025-20216

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00487EPSS

Exploits1References5

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-20210

Malicious code in bioql PyPI...

6.2CVSS6.3AI score0.00139EPSS

Exploits1References3

Veracode•added 2025/07/10 6:28 a.m.•2 views

Path Traversal

llamaindexreadersobsidian is vulnerable to path traversal. The vulnerability is due to improper handling of hardlinks in the loaddata method of the ObsidianReader class, which allows an attacker to bypass path restrictions and access sensitive files such as /etc/passwd...

6.2CVSS6.2AI score0.00139EPSS

Exploits1References4Affected Software1

Github Security Blog•added 2025/07/07 12:30 p.m.•4 views

LlamaIndex vulnerability in its ObsidianReader class can lead to Path Traversal exploit

A vulnerability in the ObsidianReader class of the run-llama/llamaindex repository, before version 0.5.2 specifically in version 0.12.27 of llama-index, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as...

6.2CVSS6.1AI score0.00139EPSS

Exploits1References4Affected Software1

OSV•added 2025/07/07 12:30 p.m.•2 views

GHSA-3J8R-JF9W-5CMH LlamaIndex vulnerability in its ObsidianReader class can lead to Path Traversal exploit

6.2CVSS6.1AI score0.00139EPSS

Exploits1References4

Github Security Blog•added 2025/07/07 12:30 p.m.•8 views

LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class

A vulnerability in the ObsidianReader class in LlamaIndex Readers Integration: Obsidian before version 0.5.1 from the run-llama/llamaindex repository versions 0.12.23 to 0.12.28 allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths...

7.5CVSS7.4AI score0.00487EPSS

Exploits1References6Affected Software1

OSV•added 2025/07/07 12:30 p.m.•3 views

GHSA-FMRF-6JV9-QJC7 LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class

7.5CVSS7.4AI score0.00487EPSS

Exploits1References6

Snyk•added 2025/07/07 10:44 a.m.•1 views

Directory Traversal

Overview llama-index-readers-obsidian is a llama-index readers obsidian integration Affected versions of this package are vulnerable to Directory Traversal via the ObsidianReader process. An attacker can access arbitrary files outside the intended directory by creating symbolic links that point t...

8.7CVSS7.7AI score0.00487EPSS

Exploits1References2

Snyk•added 2025/07/07 10:44 a.m.•1 views

Directory Traversal

Overview llama-index-readers-obsidian is a llama-index readers obsidian integration Affected versions of this package are vulnerable to Directory Traversal via the loaddata method in the ObsidianReader class. An attacker can access sensitive system files by exploiting hardlinks to bypass path...

6.9CVSS7.7AI score0.00139EPSS

Exploits1References2

NVD•added 2025/07/07 10:15 a.m.•2 views

CVE-2025-6210

A vulnerability in the ObsidianReader class of the run-llama/llamaindex repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by exploiting hardlinks. T...

6.2CVSS0.00139EPSS

Exploits1References2

OSV•added 2025/07/07 10:15 a.m.•2 views

CVE-2025-6210

6.2CVSS6.1AI score

Exploits0References2

OSV•added 2025/07/07 10:15 a.m.•2 views

CVE-2025-3046

A vulnerability in the ObsidianReader class of the run-llama/llamaindex repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the...

7.5CVSS7.4AI score

Exploits0References2

NVD•added 2025/07/07 10:15 a.m.•3 views

CVE-2025-3046

7.5CVSS0.00487EPSS

Exploits1References2

Cvelist•added 2025/07/07 9:55 a.m.•4 views

CVE-2025-6210 Hardlink-Based Path Traversal in run-llama/llama_index

6.2CVSS0.00139EPSS

Exploits1References2

CVE•added 2025/07/07 9:55 a.m.•14 views

CVE-2025-6210

The CVE concerns the ObsidianReader class in run-llama/llama_index, affecting version 0.12.27, where hardlink handling in load_data() can bypass path restrictions and allow access to sensitive files like /etc/passwd. The root cause is inadequate differentiation between real files and hardlinks, e...

6.2CVSS6.2AI score0.00139EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2025/07/07 9:55 a.m.•2 views

CVE-2025-6210 Hardlink-Based Path Traversal in run-llama/llama_index

6.2CVSS6.2AI score0.00139EPSS

Exploits1References2

Vulnrichment•added 2025/07/07 9:54 a.m.•2 views

CVE-2025-3046 Path Traversal via Symbolic Links in run-llama/llama_index

7.5CVSS7AI score0.00487EPSS

Exploits1References2

CVE•added 2025/07/07 9:54 a.m.•13 views

CVE-2025-3046

The CVE-2025-3046 entry concerns the ObsidianReader class in the run-llama/llama_index repository, affecting versions 0.12.23–0.12.28. A path traversal flaw arises from symlink handling: ObsidianReader does not resolve symlinks to real paths or enforce that resolved paths stay inside the vault, e...

7.5CVSS7.5AI score0.00487EPSS

Exploits1References2Affected Software1

Cvelist•added 2025/07/07 9:54 a.m.•21 views

CVE-2025-3046 Path Traversal via Symbolic Links in run-llama/llama_index

7.5CVSS0.00487EPSS

Exploits1References2

CNNVD•added 2025/07/07 12:0 a.m.•2 views

LlamaIndex 路径遍历漏洞

LlamaIndex is a data framework for LLM applications in the LlamaIndex open source. A path traversal vulnerability exists in LlamaIndex version 0.12.27, which stems from improper handling of hard links in the ObsidianReader class, which could lead to a path traversal attack...

6.2CVSS6.2AI score0.00139EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by