LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class
A vulnerability in the ObsidianReader class in LlamaIndex Readers Integration: Obsidian before version 0.5.1 from the run-llama/llamaindex repository versions 0.12.23 to 0.12.28 allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths...
CVE-2025-6772 eosphoros-ai db-gpt import import_flow path traversal
A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function importflow of the file /api/v2/serve/awel/flow/import. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploi...
CVE-2025-34048 D-Link DSL-2730U/2750U/2750E Path Traversal Arbitrary File Read
A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN1.02, SEA1.04, and SEA1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI...
CVE-2025-48026
A vulnerability in the WebApl component of Mitel OpenScape Xpressions through V7R1 FR5 HF43 P913 could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow an attacker to read files from the underlying OS and...
CVE-2025-23092
Mitel OpenScape Accounting Management through V5 R1.1.0 could allow an authenticated attacker with administrative privileges to conduct a path traversal attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to upload arbitrary files and execute...
CVE-2025-48026
The CVE-2025-48026 entry applies to Mitel OpenScape Xpressions WebApl component (through V7R1 FR5 HF43 P913). It describes an unauthenticated path traversal due to insufficient input validation, allowing reading of arbitrary files on the underlying OS and exposure of sensitive information. Affect...
PT-2025-26636 · Mitel · Mitel Openscape Xpressions
Name of the Vulnerable Software and Affected Versions: Mitel OpenScape Xpressions versions through V7R1 FR5 HF43 P913. Description: A vulnerability in the WebApl component could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful...
CVE-2025-32799
Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal Tarslip attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal...
CVE-2025-6109
CVE-2025-6109 affects javahongxi whatsmars 2021.4.0. The root cause is in the initialize function of InitializrController.java, where manipulating the artifactId argument leads to a path traversal vulnerability. The issue can be exploited remotely; exploitation has been disclosed publicly. Severa...
TencentOS Server 2: pesign (TSSA-2023:0033)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0033 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
TencentOS Server 3: pesign (TSSA-2023:0039)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0039 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2024-57189
CVE-2024-57189 affects Erxes versions prior to 1.6.2. A Path Traversal flaw in the importHistoriesCreate GraphQL mutation handler allows an authenticated attacker to write to arbitrary files on the system. Root cause: insufficient input validation of file paths in the mutation handler. Impact is ...
PT-2025-24125 · Backwp · Backwp
Name of the Vulnerable Software and Affected Versions: Backwp versions n/a through 2.0.2. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Path Traversal. This means an attacker could potentially trick a user into performing unintended actions on the web...
CVE-2025-5159
A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been rated as problematic. This issue affects the function Download of the file /cfgFile/1/download. The manipulation of the argument Name leads to path traversal. The attack may be initiated remotely. The exploit has...
GHSA-8R88-6CJ9-9FH5 auth-js Vulnerable to Insecure Path Routing from Malformed User Input
Impact The library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the wrong API function being called. Implementations that follow security best...
PT-2025-22871 · H3C · H3C Seccenter Smp-E1114P02
Name of the Vulnerable Software and Affected Versions: H3C SecCenter SMP-E1114P02 up to 20250513. Description: A vulnerability was found in the function Download of the file /cfgFile/1/download. The manipulation of the argument Name leads to path traversal. The attack may be initiated remotely...