EUVD-2025-18698

Malicious code in bioql PyPI...

Upsonic is vulnerable to Path Traversal attack through its os.path.join function

A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used...

GHSA-8JF4-FCJR-68C2 Upsonic is vulnerable to Path Traversal attack through its os.path.join function

A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used...

PYSEC-2025-67

A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used...

CVE-2025-6278 Upsonic server.py os.path.join path traversal

A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used...

CVE-2025-6278 Upsonic server.py os.path.join path traversal

A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used...

CVE-2024-5982

A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the loadchathistory function in...

Improper input validation leads to arbitrary file deletion

Description The /process endpoint of the python API in collector/api.py exposes an endpoint waiting for a POST request with a parameter named filename : py @api.route"/process", methods="POST" def processfile: content = request.json targetfilename = content.get"filename" printf"Processing...

Path traversal

Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The os.path.join call is unsafe for use with untrusted input. When the os.path.join call encounters an absolute...

CVE-2020-35736

GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused...

CVE-2020-35736

GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused...

CVE-2020-35736

GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused...

Directory Traversal

werkzeug is vulnerable to directory traversal. An attacker is able to access arbitrary files through the SharedDataMiddleware due to the way Python's os.path.join function works on Windows...