33 matches found
Path Traversal
github.com/weaviate/weaviate is vulnerable to path traversal. The vulnerability is due to insufficient validation of the fileName field in the transfer logic, which allows an attacker who can call the GetFile method while a shard is in the “Pause file activity” state and the FileReplicationServic...
SUSE CVE-2025-67819
An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...
CVE-2025-67819
An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...
Weaviate OSS has path traversal vulnerability via the Shard Movement API
An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...
GHSA-HMMH-292H-3364 Weaviate OSS has path traversal vulnerability via the Shard Movement API
An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...
CVE-2025-67819
An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...
CVE-2025-67819
An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via insufficient validation of the fileName field in the transfer logic. An attacker can access arbitrary files accessible to the service process by invoking the GetFile method when a shard is in the "Pause file...
PT-2025-50958
Name of the Vulnerable Software and Affected Versions: Weaviate OSS versions prior to 1.33.4. Description: A flaw exists in Weaviate OSS that allows an attacker to read arbitrary files accessible to the service process. This occurs because of insufficient validation of the fileName field during file...
CVE-2025-67819
An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...
CVE-2025-67819
An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...
EUVD-2024-54108
Malicious code in bioql PyPI...
CVE-2024-10442
Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the...
Vulnerability fixed in Synology Replication Service and Synology Unified Controller
Synology has fixed a vulnerability in Synology Replication Service and Synology Unified Controller. The vulnerability is located in an off-by-one flaw in the Synology Replication Service and Synology Unified Controller, which allows remote attackers to execute arbitrary code. This can lead to...
CVE-2024-10442
Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the...
CVE-2024-10442
Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the...
CVE-2024-10442
Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the...
CVE-2024-10442
CVE-2024-10442 affects Synology Replication Service and Synology Unified Controller (DSMUC). The vulnerability is an off-by-one error in the transmission component that can allow remote attackers to execute arbitrary code. Affected versions include Replication Service before 1.0.12-0066, 1.2.2-03...
CVE-2024-10442
Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the...
Synology Replication Service Security Vulnerability
Synology Replication Service is a software from Synology China used to synchronize files between different NAS or storage devices. It is used to ensure data consistency and synchronization between different storage devices. A security vulnerability exists in Synology Replication Service, which...