
24 matches found

Source: Nuclei (added yesterday)

LOLLMS WebUI - Absolute Path Traversal

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the open_file endpoint of lollms_advanced.py. The sanitize_path function with allow_absolute_path=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...

CVSS 7.5 · AI score 7.2 · EPSS 0.11253
Exploits: 1 · References: 3
Source: Snyk (added 2026/04/22 5:06 p.m.)

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via improper validation in the sanitizePath function. An attacker can access or modify files outside the intended directory boundary by crafting paths that bypass prefix-based checks. Details: A Directory Traversal...

CVSS 8.8 · AI score 6.4 · EPSS 0.00059
Exploits: 1 · References: 2
Source: Snyk (added 2026/04/22 5:06 p.m.)

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via improper validation in the sanitizePath function. An attacker can access or modify files outside the intended directory boundary by crafting paths that bypass prefix-based checks. Details: A Directory Traversal...

CVSS 8.8 · AI score 6.3 · EPSS 0.00059
Exploits: 1 · References: 2
Source: Debian CVE (added 2026/04/21 1:35 a.m.)

CVE-2026-39973

Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in brut/androlib/res/decoder/ResFileDecoder.java allows a maliciously crafted APK to write arbitrary files to the filesystem during standard decoding (apktool d). This is a...

CVSS 7.1 · AI score 5.7 · EPSS 0.00006
Exploits: 1
Source: Vulnrichment (added 2026/04/21 1:35 a.m.)

CVE-2026-39973 Apktool: Path Traversal to Arbitrary File Write

Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in brut/androlib/res/decoder/ResFileDecoder.java allows a maliciously crafted APK to write arbitrary files to the filesystem during standard decoding (apktool d). This is a...

CVSS 7.1 · AI score 5.9 · EPSS 0.00006
Exploits: 1 · References: 4
Source: Positive Technologies (added 2026/03/16 12:00 a.m.)

PT-2026-25862

Name of the Vulnerable Software and Affected Versions: CTFer.io Monitoring versions prior to 0.2.2. Description: The CTFer.io Monitoring component, responsible for collecting, processing, and storing signals like logs, metrics, and distributed traces, contains a path traversal flaw in the...

CVSS 8.8 · AI score 6 · EPSS 0.00042
Exploits: 1 · References: 10
Source: Snyk (added 2026/02/25 12:12 a.m.)

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the sanitizePath function in the static middleware sanitizer on Windows. An attacker can access arbitrary files on the server file system by crafting specially constructed requests that bypass path validation...

CVSS 8.7 · AI score 7.7 · EPSS 0.00036
Exploits: 1 · References: 2
Source: EUVD (added 2025/10/03 8:07 p.m.)

EUVD-2024-47374

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.7 · EPSS 0.11253
Exploits: 1 · References: 1
Source: RedhatCVE (added 2025/03/22 1:18 p.m.)

CVE-2024-7058

A vulnerability in the sanitize_path function in parisneo/lollms-webui v10 - latest allows an attacker to bypass path sanitization by using relative paths such as './'. This can lead to unauthorized access to directories within the personality_folder on the victim's computer...

CVSS 4.4 · AI score 7.1 · EPSS 0.00051
Exploits: 1 · References: 1
Source: Snyk (added 2025/03/20 10:49 a.m.)

Relative Path Traversal

Overview: lollms is a Python library for AI personality definition. Affected versions of this package are vulnerable to Relative Path Traversal in the sanitize_path function, which does not account for ./ sequences in pathnames. An attacker can bypass the sanitization to access the contents of...

CVSS 5.1 · AI score 6.8 · EPSS 0.00053
Exploits: 2 · References: 2
Source: Cvelist (added 2025/03/20 10:09 a.m.)

CVE-2024-7058 Relative Path Traversal in parisneo/lollms-webui

A vulnerability in the sanitize_path function in parisneo/lollms-webui v10 - latest allows an attacker to bypass path sanitization by using relative paths such as './'. This can lead to unauthorized access to directories within the personality_folder on the victim's computer...

CVSS 4.4 · EPSS 0.00051
Exploits: 1 · References: 1
Source: RedhatCVE (added 2025/02/05 3:05 a.m.)

CVE-2024-6250

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the open_file endpoint of lollms_advanced.py. The sanitize_path function with allow_absolute_path=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...

CVSS 7.5 · AI score 7.4 · EPSS 0.11253
Exploits: 1 · References: 1
Source: RedhatCVE (added 2025/02/05 3:03 a.m.)

CVE-2024-6281

A path traversal vulnerability exists in the apply_settings function of parisneo/lollms versions prior to 9.5.1. The sanitize_path function does not adequately secure the discussion_db_name parameter, allowing attackers to manipulate the path and potentially write to important system folders...

CVSS 7.3 · AI score 7.1 · EPSS 0.0006
Exploits: 0 · References: 1
Source: PyPA (added 2024/10/11 4:15 p.m.)

PYSEC-2024-122

A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of t...

CVSS 4.4 · AI score 6.9 · EPSS 0.00053
Exploits: 1 · References: 3 · Affected Software: 1
Source: CVE (added 2024/06/27 6:41 p.m.)

CVE-2024-6250

Summary (fact-grounded): CVE-2024-6250 affects parisneo/lollms-webui version 9.6. The vulnerability is an absolute path traversal in the open_file endpoint of lollms_advanced.py, where the sanitize_path function with allow_absolute_path=True enables reading arbitrary files and listing directories...

CVSS 7.5 · AI score 7.4 · EPSS 0.11253
In the wild · Exploits: 1 · References: 1 · Affected Software: 1
Source: Positive Technologies (added 2024/06/27 12:00 a.m.)

PT-2024-37482

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version 9.6. Description: An absolute path traversal issue exists, specifically in the "open_file" endpoint of "lollms_advanced.py". The sanitize_path function with allow_absolute_path=True allows an attacker to access...

CVSS 7.5 · AI score 6 · EPSS 0.11253
Exploits: 1 · References: 4
Source: Positive Technologies (added 2024/06/06 12:00 a.m.)

PT-2024-25779 · Parisneo · Lollms

Name of the Vulnerable Software and Affected Versions: parisneo/lollms versions prior to 9.6. Description: A path traversal vulnerability exists in the parisneo/lollms application, specifically within the sanitize_path_from_endpoint and sanitize_path functions in lollms_core\lollms\security.py. This...

CVSS 9.8 · AI score 9.4 · EPSS 0.00398
Exploits: 1 · References: 10
Source: NVD (added 2023/02/21 4:15 a.m.)

CVE-2023-26265

The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them...

CVSS 5.3 · AI score 5.3 · EPSS 0.0026
Exploits: 0 · References: 2
Source: SUSE CVE (added 2023/02/15 6:20 a.m.)

SUSE CVE-2004-0792

Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files...

CVSS 6.4 · AI score 6.9 · EPSS 0.00777
Exploits: 0 · References: 3
Source: Github Security Blog (added 2022/05/17 1:22 a.m.)

zend-diactoros Cross-site Scripting (XSS)

Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks...

CVSS 6.1 · AI score 6 · EPSS 0.00239
Exploits: 0 · References: 5 · Affected Software: 1