Exploit for Path Traversal in Jenkins
jenkinsscan: Find Jenkins environment and check for CVE-2024-...
PT-2026-28715
Name of the Vulnerable Software and Affected Versions: Sinaptik AI PandasAI versions up to 3.0.0. Description: A security flaw exists in Sinaptik AI PandasAI up to version 3.0.0. The issue resides within the is_sql_query_safe function located in the pandasai/helpers/sql_sanitizer.py file, allowing f...
EUVD-2025-18624
Malicious code in bioql PyPI...
EUVD-2023-50566
Malicious code in bioql PyPI...
EUVD-2024-48766
Malicious code in bioql PyPI...
EUVD-2024-49078
Malicious code in bioql PyPI...
EUVD-2024-31901
Malicious code in bioql PyPI...
EUVD-2024-48767
Malicious code in bioql PyPI...
CVE-2025-8729
CVE-2025-8729 affects MigoXLab LMeterX 1.2.0. The vulnerability is in the function process_cert_files of backend/service/upload_service.py, where manipulation of the argument task_id enables path traversal. It can be triggered remotely and the exploit has been publicly disclosed. A patch is avail...
CVE-2010-10012 httpdASM 0.92 Path Traversal
A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a specially crafted GET request containing a sequence of URL-encoded backslashes and directory traversal...
CVE-2025-7452
A vulnerability was found in kone-net go-chat up to f9e58d0afa9bbdb31faf25e7739da330692c4c63. It has been declared as critical. This vulnerability affects the function GetFile of the file go-chat/api/v1/filecontroller.go of the component Endpoint. The manipulation of the argument fileName leads t...
LlamaIndex vulnerability in its ObsidianReader class can lead to Path Traversal exploit
A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, before version 0.5.2 specifically in version 0.12.27 of llama-index, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as...
CVE-2025-6772 eosphoros-ai db-gpt import import_flow path traversal
A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function import_flow of the file /api/v2/serve/awel/flow/import. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploi...
CVE-2025-50202
Lychee is a free photo-management tool. In versions starting from 6.6.6 to before 6.6.10, an attacker can leak local files including environment variables, nginx logs, other user's uploaded images, and configuration secrets due to a path traversal exploit in SecurePathController.php. This issue h...
CVE-2025-6281
A vulnerability has been found in OpenBMB XAgent up to 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /conv/community. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used...
CVE-2025-50202
Lychee (PHP-based photo-management tool) has a path traversal vulnerability in SecurePathController.php affecting versions 6.6.6–6.6.9. The issue allows leakage of local files, including environment variables, nginx logs, other users’ uploaded images, and configuration secrets. The root cause is ...
CVE-2025-5880 Whistle get-temp-file path traversal
A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The...
Exploit for Path Traversal in Yeswiki
Blackash-CVE-2025-31131 CVE-2025-31131 - YesWiki 4.5.2 Path...
CVE-2024-7458
A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the component Database Management/Deployment Management. The manipulation of the argument file leads to path traversa...
CVE-2024-31450
Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL /api/admin. The emoji/delete endpoint of said API allows administrators to delete custom emojis, which are saved on disk. The...