105 matches found
Exploit for Path Traversal in Jenkins
jenkinsscan Find jenkins environment and checks for CVE-2024-...
PT-2026-28715
Name of the Vulnerable Software and Affected Versions: Sinaptik AI PandasAI versions up to 3.0.0. Description: A security flaw exists in Sinaptik AI PandasAI up to version 3.0.0. The issue resides within the is_sql_query_safe function located in the pandasai/helpers/sql_sanitizer.py file, allowing f...
EUVD-2017-6979
Malware in sbrugna...
EUVD-2019-15456
Malware in sbrugna...
EUVD-2024-0273
Malicious code in bioql PyPI...
EUVD-2023-50566
Malicious code in bioql PyPI...
EUVD-2024-31901
Malicious code in bioql PyPI...
EUVD-2025-18624
Malicious code in bioql PyPI...
EUVD-2024-48766
Malicious code in bioql PyPI...
EUVD-2024-49078
Malicious code in bioql PyPI...
EUVD-2024-48767
Malicious code in bioql PyPI...
CVE-2025-8729
CVE-2025-8729 affects MigoXLab LMeterX 1.2.0. The vulnerability is in the function process_cert_files of backend/service/upload_service.py, where manipulation of the argument task_id enables path traversal. It can be triggered remotely and the exploit has been publicly disclosed. A patch is avail...
CVE-2010-10012 httpdASM 0.92 Path Traversal
A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a specially crafted GET request containing a sequence of URL-encoded backslashes and directory traversal...
CVE-2025-7452
A vulnerability was found in kone-net go-chat up to f9e58d0afa9bbdb31faf25e7739da330692c4c63. It has been declared as critical. This vulnerability affects the function GetFile of the file go-chat/api/v1/filecontroller.go of the component Endpoint. The manipulation of the argument fileName leads t...
LlamaIndex vulnerability in its ObsidianReader class can lead to Path Traversal exploit
A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, before version 0.5.2 specifically in version 0.12.27 of llama-index, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as...
CVE-2025-34058
Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php...
CVE-2025-6772 eosphoros-ai db-gpt import import_flow path traversal
A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function import_flow of the file /api/v2/serve/awel/flow/import. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploi...
CVE-2025-50202
Lychee is a free photo-management tool. In versions starting from 6.6.6 to before 6.6.10, an attacker can leak local files including environment variables, nginx logs, other user's uploaded images, and configuration secrets due to a path traversal exploit in SecurePathController.php. This issue h...
CVE-2025-6281
A vulnerability has been found in OpenBMB XAgent up to 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /conv/community. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used...
CVE-2025-50202
Lychee (PHP-based photo-management tool) has a path traversal vulnerability in SecurePathController.php affecting versions 6.6.6–6.6.9. The issue allows leakage of local files, including environment variables, nginx logs, other users’ uploaded images, and configuration secrets. The root cause is ...