Medium
CVE-2025-27937
Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). If exploited, an arbitrary file in the affected product may be…
Tag: Path Traversal
All CVEs associated with "Path Traversal". Page 14/72 • 8591 CVEs.
Subscribe CVEs: RSS for “Path Traversal” · RSS (High+Critical only)
About “Path Traversal”
A curated feed of “Path Traversal”-related CVEs appears below. We currently track 8591 CVEs for this tag (all time). In the last 365 days, 1471 were published. Average CVSS is 6.8 (all time; 6.9 over 365d), and 49% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-23 - Relative Path Traversal, CWE-35 - Path Traversal: '.../...//'.
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-04-28
High
CVE-2025-26692
Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). If exploited, arbitrary code may be executed by a remote unauth…
2025-04-25
Medium
CVE-2025-28354
An issue in the Printer Manager Systm of Entrust Corp Printer Manager D3.18.4-3 and below allows attackers to execute a directory traversal via a crafted POST request.
2025-04-24
High
CVE-2025-46439
Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Plugin Central plugin-central allows Path Traversal.This issue affects Plugin Central: from n/a through <= 2.5.1.
High
CVE-2025-3300
The WPMasterToolKit (WPMTK) – All in one plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.2. This makes it possible for authenticated attacke…
2025-04-23
Medium
CVE-2025-43716
A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9. By appending %3F.php to the URI of the /client/index.php endpoint, an attacker can bypass access contr…
2025-04-22
Critical
CVE-2025-43946
TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with Path Traversal).
Critical
CVE-2025-34028
The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path tr…
High
CVE-2024-40445
A directory traversal vulnerability in forkosh Mime TeX before version 1.77 allows attackers on Windows systems to read or append arbitrary files by manipulating crafted input paths.
Medium
CVE-2025-3577
**UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware version 2.00(AAJC.16)C0 could allow an authenticated attacker with admi…
2025-04-21
Medium
CVE-2025-28367
mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obt…
Critical
CVE-2025-29660
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbi…
2025-04-20
Medium
CVE-2025-43928
In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field. Reading ServerParameters.xml may re…
Medium
CVE-2025-43919
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentic…
2025-04-18
High
CVE-2025-39470
Path Traversal: '.../...//' vulnerability in ThimPress Ivy School ivy-school allows PHP Local File Inclusion.This issue affects Ivy School: from n/a through <= 1.6.0.
2025-04-17
High
CVE-2025-39568
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arture B.V. StoreContrl Woocommerce storecontrl-wp-connection allows Path Traversal.This issue affects…
Medium
CVE-2025-27299
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Asia MyTicket Events myticket-events allows Path Traversal.This issue affects MyTicket Events: from…
Medium
CVE-2025-27283
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in rockgod100 Theme File Duplicator theme-file-duplicator allows Path Traversal.This issue affects Theme F…
2025-04-16
High
CVE-2025-28072
PHPGurukul Pre-School Enrollment System is vulnerable to Directory Traversal in manage-teachers.php.
Medium
CVE-2025-39598
Path Traversal: '.../...//' vulnerability in Quý Lê 91 Administrator Z administrator-z allows Path Traversal.This issue affects Administrator Z: from n/a through <= 2025.03.28.
High
CVE-2025-39544
Cross-Site Request Forgery (CSRF) vulnerability in sminozzi WP Tools wptools allows Path Traversal.This issue affects WP Tools: from n/a through <= 5.18.
Medium
CVE-2025-3686
A vulnerability classified as problematic was found in misstt123 oasys 1.0. Affected by this vulnerability is the function image of the file /show. The manipulation leads to path traversal. The attac…
2025-04-15
Medium
CVE-2025-30966
Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a.
High
CVE-2025-27791
Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckF…
Medium
CVE-2025-32103
CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityM…
Low
CVE-2025-32943
The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint.
2025-04-14
Medium
CVE-2025-3562
A vulnerability was found in Yonyou YonBIP MA2.7. It has been declared as problematic. Affected by this vulnerability is the function FileInputStream of the file /mobsm/common/userfile. The manipulat…
Medium
CVE-2025-3547
A vulnerability classified as critical was found in frdel Agent-Zero 0.8.1.2. This vulnerability affects unknown code of the file /get_work_dir_files. The manipulation of the argument path leads to p…
2025-04-13
High
CVE-2025-3445
A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks to create or overwrite fil…
2025-04-11
High
CVE-2025-32671
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John Weissberg Print Science Designer print-science-designer allows Path Traversal.This issue affects P…
High
CVE-2025-32633
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in neoslab Database Toolset database-toolset allows Path Traversal.This issue affects Database Toolset: fr…
High
CVE-2025-32631
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in oxygensuite Oxygen MyData for WooCommerce oxygen-mydata allows Path Traversal.This issue affects Oxygen…
High
CVE-2025-32629
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Path…
High
CVE-2025-32587
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in pickupp WooCommerce Pickupp wc-pickupp allows PHP Local File Inclusion.This issue affects WooCommerce P…
High
CVE-2025-32585
Path Traversal: '.../...//' vulnerability in Trusty Plugins Shop Products Filter trusty-woo-products-filter allows PHP Local File Inclusion.This issue affects Shop Products Filter: from n/a through <…
High
CVE-2025-32509
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPMinds Simple WP Events simple-wp-events allows Path Traversal.This issue affects Simple WP Events: fr…
Medium
CVE-2025-32807
A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon par…
2025-04-10
Medium
CVE-2025-31411
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aribhour Linet ERP-Woocommerce Integration linet-erp-woocommerce-integration allows Path Traversal.This…
Medium
CVE-2025-32209
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Nomupay Payment Processing Gateway totalprocessing-card-payments allows Path Traversal.…
Low
CVE-2025-32205
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in piotnetdotcom Piotnet Forms piotnetforms.This issue affects Piotnet Forms: from n/a through <= 1.0.30.
High
CVE-2025-30582
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aytechnet DyaPress ERP/CRM dyapress allows PHP Local File Inclusion.This issue affects DyaPress ERP/CRM…
2025-04-08
High
CVE-2025-30290
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security…
High
CVE-2024-12556
Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal.
High
CVE-2025-32017
Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API request that exploit a path traversal vulnerability to…
High
CVE-2025-25254
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, 7.2 all versions, 7.0 all versio…
High
CVE-2024-41792
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices contains a path traversal vulnerability. This could allow an unauthentica…
High
CVE-2025-30014
SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they do…
High
CVE-2025-27428
Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read fil…
2025-04-07
High
CVE-2025-32409
Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an arbitrary firmware image (signed with debug keys) can be sent to TCP port 60002, and placed into the correct i…
Medium
CVE-2025-3381
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. This affects an unknown part of the file WebIMController.java of the component File Upload. The manipulat…
Medium
CVE-2025-31174
Path traversal vulnerability in the DFS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
2025-04-06
Medium
CVE-2025-3317
A vulnerability classified as problematic has been found in fumiao opencms up to a0fafa5cff58719e9b27c2a2eec204cc165ce14f. Affected is an unknown function of the file opencms-dev/src/main/webapp/view…
2025-04-04
Medium
CVE-2025-32137
Relative Path Traversal vulnerability in Cristián Lávaque s2Member s2member allows Path Traversal.This issue affects s2Member: from n/a through <= 250419.
Medium
CVE-2025-3214
A vulnerability has been found in JFinal CMS up to 5.2.4 and classified as problematic. Affected by this vulnerability is the function engine.getTemplate of the file /readTemplate. The manipulation o…
2025-04-03
Medium
CVE-2025-31827
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vlad.olaru Fonto fonto allows Path Traversal.This issue affects Fonto: from n/a through <= 1.2.2.
Medium
CVE-2025-31825
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in pixelgrade Category Icon category-icon allows Path Traversal.This issue affects Category Icon: from n/a…
Medium
CVE-2025-31800
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in publitio Publitio publitio allows Path Traversal.This issue affects Publitio: from n/a through <= 2.2.0.
Medium
CVE-2025-31554
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in docxpresso Docxpresso docxpresso allows Absolute Path Traversal.This issue affects Docxpresso: from n/a…
Medium
CVE-2025-30596
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in tstafford include-file include-file allows Path Traversal.This issue affects include-file: from n/a thr…
Critical
CVE-2025-22926
An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.
Critical
CVE-2025-22927
An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.
2025-04-02
High
CVE-2025-22923
An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal and delete files by sending a crafted POST request to /Modules.php?modname=users/Staff.php&removefile.
Critical
CVE-2023-40714
A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements
2025-04-01
Medium
CVE-2023-46988
Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leadin…
Critical
CVE-2025-30841
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock countdown-builder allows Remote Code Inclusion.This issue affects Countdown…
High
CVE-2025-31131
YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.
High
CVE-2025-30910
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CreativeMindsSolutions CM Download Manager cm-download-manager allows Path Traversal.This issue affects…
High
CVE-2025-30882
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk js-support-ticket allows Path Traversal.This issue affects JS Help Desk: from n/a…
High
CVE-2025-30878
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk js-support-ticket allows Path Traversal.This issue affects JS Help Desk: from n/a…
High
CVE-2025-30834
Path Traversal: '.../...//' vulnerability in Bit Apps Bit Assist bit-assist allows Path Traversal.This issue affects Bit Assist: from n/a through <= 1.5.4.
High
CVE-2025-30793
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Property Hive Houzez Property Feed houzez-property-feed allows Path Traversal.This issue affects Houzez…
Medium
CVE-2025-30594
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in samsk Include URL include-url allows Path Traversal.This issue affects Include URL: from n/a through <=…
Medium
CVE-2025-2048
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitr…
Medium
CVE-2025-3043
A vulnerability, which was classified as critical, has been found in GuoMinJim PersonManage 1.0. This issue affects the function preHandle of the file /login/. The manipulation of the argument Reques…
2025-03-31
High
CVE-2025-30005
Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expec…
Medium
CVE-2025-2292
Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35.
High
CVE-2025-3021
Path Traversal vulnerability in e-solutions e-management. This vulnerability could allow an attacker to access confidential files outside the expected scope via the ‘file’ parameter in the /downloadR…
2025-03-30
Medium
CVE-2025-2961
A vulnerability classified as problematic was found in opensolon up to 3.1.0. This vulnerability affects the function render_mav of the file /aa of the component org.noear.solon.core.handle.RenderMan…
2025-03-28
Medium
CVE-2025-2917
A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Affected is the function readFile of the file /dev-api/cms/file/read. The manipulation of the argument file…
High
CVE-2024-54362
Path Traversal: '.../...//' vulnerability in boggibill GetShop ecommerce getshop-ecommerce allows Path Traversal.This issue affects GetShop ecommerce: from n/a through <= 1.3.
High
CVE-2024-54291
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in labs64 PluginPass pluginpass-pro-plugintheme-licensing allows Manipulating Web Input to File System Cal…
High
CVE-2025-27932
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file deletion process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and e…
Low
CVE-2025-27726
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and e…
High
CVE-2025-27718
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and ear…
Medium
CVE-2025-27716
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file/folder listing process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003…
2025-03-27
High
CVE-2024-12905
An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a malic…
High
CVE-2025-30895
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in magepeopleteam WpEvently mage-eventpress allows PHP Local File Inclusion.This issue affects WpEvently:…
2025-03-26
Medium
CVE-2025-1769
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.0 via the download_file…
Medium
CVE-2025-1310
The Jobs for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.7.11 via the 'job_postings_get_file' parameter. This makes it possible for aut…
2025-03-25
High
CVE-2025-29789
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Versio…
High
CVE-2025-25371
NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override of any arbitrary file on the system.
High
CVE-2025-30567
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP01 WP01 wp01 allows Path Traversal.This issue affects WP01: from n/a through <= 2.6.2.
Medium
CVE-2025-2744
A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected is an unknown function of the file /admin-api/mp/material/upload-news-image of the componen…
Medium
CVE-2025-2743
A vulnerability, which was classified as problematic, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. This issue affects some unknown processing of the file /admin-api/mp/material/upload-tempora…
Medium
CVE-2025-2742
A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. This vulnerability affects unknown code of the file /admin-api/mp/material/upload-permanent of the component Mat…
Medium
CVE-2025-24513
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller featur…
2025-03-24
Low
CVE-2025-2716
A vulnerability classified as problematic was found in China Mobile P22g-CIac 1.0.00.488. This vulnerability affects unknown code of the component Samba Path Handler. The manipulation leads to path t…
Medium
CVE-2025-2708
A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. This affects an unknown part of the file /admin-api/infra/file/upload of the component Backend File…
High
CVE-2025-2749
An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbi…
Medium
CVE-2025-2707
A vulnerability, which was classified as critical, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this issue is some unknown functionality of the file /app-api/infra/file/upload of…
2025-03-23
High
CVE-2025-27553
Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDE…
2025-03-22
Medium
CVE-2025-1973
The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the download_file() function. This makes it possible for…
2025-03-21
Low
CVE-2025-30343
A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to OpenSlides meetings and organized in folders. The interface allows users to download a ZIP archive that…
2025-03-20
Medium
CVE-2024-13920
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the download_file() function. This makes it p…
High
CVE-2024-9597
A Path Traversal vulnerability exists in the `/wipe_database` endpoint of parisneo/lollms version v12, allowing an attacker to delete any directory on the system. The vulnerability arises from improp…
High
CVE-2024-9415
A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. This vulnerability allows an attacker to upload an arbitrary file to the server,…
High
CVE-2024-9362
An unauthenticated directory traversal vulnerability exists in Polyaxon, affecting the latest version. This vulnerability allows an attacker to retrieve directory information and file contents from t…
Critical
CVE-2024-8898
A path traversal vulnerability exists in the `install` and `uninstall` API endpoints of parisneo/lollms-webui version V12 (Strawberry). This vulnerability allows attackers to create or delete directo…
High
CVE-2024-8859
A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary fil…
Critical
CVE-2024-8769
A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file deletion through relative path traversal. The `run_hash` parameter, which is use…
Critical
CVE-2024-8581
A vulnerability in the `upload_app` function of parisneo/lollms-webui V12 (Strawberry) allows an attacker to delete any file or directory on the system. The function does not implement user input fil…
Critical
CVE-2024-8551
A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write…
Critical
CVE-2024-8537
A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete a…
High
CVE-2024-8524
A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /rea…
High
CVE-2024-8438
A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint `/api/file` does not properly sanitize the `path` parameter, allowing an attacker to read arbitrary fi…
High
CVE-2024-8248
A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. This can…
High
CVE-2024-8060
OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint `/audio/api/v1/transcriptions` that allows for arbitrary file upload. The application performs insufficient validation on th…
Critical
CVE-2024-7776
A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal at…
High
CVE-2024-7034
In open-webui version 0.3.8, the endpoint `/models/upload` is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of `file_…
Medium
CVE-2024-6583
A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path…