Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.

A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations.

The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may b...

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying oper...

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the `java.net.URL` class to refer to (what are expected to be) local resourc...

A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can...

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations ...

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images ha...

Microsoft Defender for IoT Remote Code Execution Vulnerability

Microsoft Defender for IoT Remote Code Execution Vulnerability

A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The...

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack o...

NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because P...

Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server m...

The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to ...

The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to t...

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with s...

An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpc_agent's ...

Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 possess a file that can be read arbitrarily that could allow an attacker obtain administrator credentials.

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the `open_file` endpoint of `lollms_advanced.py`. The `sanitize_path` function with `allow_absolute_path=...

A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper...