Total
7984 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10902 | 1 Dbgpt | 1 Db-gpt | 2025-10-15 | 9.8 Critical |
| In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /v1/personal/agent/upload` is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to upload arbitrary files to the victim's file system at any location. The impact of this vulnerability includes the potential for remote code execution (RCE) by writing malicious files, such as a malicious `__init__.py` in the Python's `/site-packages/` directory. | ||||
| CVE-2024-10707 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-10-15 | N/A |
| gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue (CVE-2024-4941). This vulnerability allows unauthenticated users to access arbitrary files on the server by uploading a specially crafted JSON file and exploiting the improper input validation in the handle_dataset_selection function. | ||||
| CVE-2024-10361 | 1 Librechat | 1 Librechat | 2025-10-15 | 9.1 Critical |
| An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /api/files endpoint. This vulnerability arises from improper input validation, allowing path traversal techniques to delete arbitrary files on the server. Attackers can exploit this to bypass security mechanisms and delete files outside the intended directory, including critical system files, user data, or application resources. This vulnerability impacts the integrity and availability of the system. | ||||
| CVE-2024-0520 | 1 Lfprojects | 1 Mlflow | 2025-10-15 | 8.8 High |
| A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a source URL with an HTTP scheme, the filename extracted from the `Content-Disposition` header or the URL path is used to generate the final file path without proper sanitization. This flaw enables an attacker to control the file path fully by utilizing path traversal or absolute path techniques, such as '../../tmp/poc.txt' or '/tmp/poc.txt', leading to arbitrary file write. Exploiting this vulnerability could allow a malicious user to execute commands on the vulnerable machine, potentially gaining access to data and model information. The issue is fixed in version 2.9.0. | ||||
| CVE-2025-43889 | 1 Dell | 3 Data Domain Operating System, Powerprotect Data Domain, Powerprotect Dd | 2025-10-14 | 5.3 Medium |
| Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4, LTS2024 release Versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | ||||
| CVE-2025-43934 | 1 Dell | 3 Data Domain Operating System, Powerprotect Data Domain, Powerprotect Dd | 2025-10-14 | 6 Medium |
| Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service and Unauthorized access. | ||||
| CVE-2025-10766 | 2 Zkea, Zkeacms | 2 Zkeacms, Zkeacms | 2025-10-14 | 4.3 Medium |
| A weakness has been identified in SeriaWei ZKEACMS up to 4.3. This issue affects the function Download of the file EventViewerController.cs. Executing manipulation of the argument ID can lead to path traversal. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-57682 | 1 Papermark | 1 Papermark | 2025-10-14 | 6.5 Medium |
| Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API | ||||
| CVE-2025-10284 | 1 Blsops | 1 Bbot | 2025-10-14 | 9.6 Critical |
| BBOT's unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution. | ||||
| CVE-2025-10283 | 1 Blsops | 1 Bbot | 2025-10-14 | 9.6 Critical |
| BBOT's gitdumper module could be abused to execute commands through a malicious git repository. | ||||
| CVE-2025-2363 | 1 Lenve | 1 Vblog | 2025-10-14 | 6.3 Medium |
| A vulnerability classified as critical has been found in lenve VBlog up to 1.0.0. Affected is the function uploadImg of the file blogserver/src/main/java/org/sang/controller/ArticleController.java. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-56815 | 2 Datart, Running-elephant | 2 Datart, Datart | 2025-10-10 | 7.1 High |
| Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo() to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name. | ||||
| CVE-2025-56816 | 2 Datart, Running-elephant | 2 Datart, Datart | 2025-10-10 | 8.8 High |
| Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses this file using SnakeYAML's unsafe load() or loadAs() method without input sanitization. This allows deserialization of attacker-controlled YAML content, leading to arbitrary class instantiation. Under certain conditions, this can be exploited to achieve remote code execution (RCE). | ||||
| CVE-2024-45188 | 1 Mage | 1 Mage-ai | 2025-10-10 | 6.5 Medium |
| Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request | ||||
| CVE-2025-0703 | 1 Joeybling | 1 Bootplus | 2025-10-10 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This issue affects some unknown processing of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | ||||
| CVE-2025-32943 | 1 Framasoft | 1 Peertube | 2025-10-10 | 3.7 Low |
| The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint. | ||||
| CVE-2025-60969 | 2 Endrun, Endruntechnologies | 3 Sonoma D12 Network Time Server, Sonoma D12, Sonoma D12 Firmware | 2025-10-10 | 5.7 Medium |
| Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information. | ||||
| CVE-2024-5273 | 1 Jenkins | 1 Report Info | 2025-10-10 | 4.3 Medium |
| Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by editing the workspace path. | ||||
| CVE-2023-41973 | 1 Zscaler | 1 Client Connector | 2025-10-10 | 7.3 High |
| ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later. | ||||
| CVE-2025-3381 | 1 Zhangyanbo2007 | 1 Youkefu | 2025-10-10 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. This affects an unknown part of the file WebIMController.java of the component File Upload. The manipulation of the argument ID leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||