Total
181 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5547 | 1 Stitionai | 1 Devika | 2025-07-15 | N/A | 7.5 HIGH |
| A directory traversal vulnerability exists in the /api/download-project-pdf endpoint of the stitionai/devika repository, affecting the latest version. The vulnerability arises due to insufficient sanitization of the 'project_name' parameter in the download_project_pdf function. Attackers can exploit this flaw by manipulating the 'project_name' parameter in a GET request to traverse the directory structure and download arbitrary PDF files from the system. This issue allows attackers to access sensitive information that could be stored in PDF format outside the intended directory. | |||||
| CVE-2025-48817 | 1 Microsoft | 17 Remote Desktop Client, Windows 10 1507, Windows 10 1607 and 14 more | 2025-07-15 | N/A | 8.8 HIGH |
| Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-7619 | 2025-07-15 | N/A | 8.8 HIGH | ||
| BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary code execution. | |||||
| CVE-2024-10513 | 1 Mintplexlabs | 1 Anythingllm | 2025-07-14 | N/A | 7.2 HIGH |
| A path traversal vulnerability exists in the 'document uploads manager' feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. This vulnerability allows users with the 'manager' role to access and manipulate the 'anythingllm.db' database file. By exploiting the vulnerable endpoint '/api/document/move-files', an attacker can move the database file to a publicly accessible directory, download it, and subsequently delete it. This can lead to unauthorized access to sensitive data, privilege escalation, and potential data loss. | |||||
| CVE-2024-3025 | 1 Mintplexlabs | 1 Anythingllm | 2025-07-09 | N/A | 9.9 CRITICAL |
| mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can lead to unauthorized reading or deletion of files by utilizing the `/api/system/upload-logo` and `/api/system/logo` endpoints. The issue stems from the lack of filtering or validation on the logo filename, allowing attackers to target sensitive files such as the application's database. | |||||
| CVE-2024-0549 | 1 Mintplexlabs | 1 Anythingllm | 2025-07-09 | N/A | 8.1 HIGH |
| mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input validation and normalization in the handling of file and folder deletion requests. Successful exploitation results in the compromise of data integrity and availability. | |||||
| CVE-2024-4330 | 1 Lollms | 1 Lollms Web Ui | 2025-07-09 | N/A | 3.3 LOW |
| A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'list_personalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the directory structure and view the contents of any folder, albeit limited to subfolder names only. This issue was demonstrated via a specific HTTP request that manipulated the 'category' parameter to access arbitrary directories. The vulnerability is present in the code located at the 'endpoints/lollms_advanced.py' file. | |||||
| CVE-2024-10019 | 1 Lollms | 1 Lollms Web Ui | 2025-07-08 | N/A | 6.7 MEDIUM |
| A vulnerability in the `start_app_server` function of parisneo/lollms-webui V12 (Strawberry) allows for path traversal and OS command injection. The function does not properly sanitize the `app_name` parameter, enabling an attacker to upload a malicious `server.py` file and execute arbitrary code by exploiting the path traversal vulnerability. | |||||
| CVE-2025-7146 | 2025-07-08 | N/A | 7.5 HIGH | ||
| The iPublish System developed by Jhenggao has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to read arbitrary system file. | |||||
| CVE-2024-43614 | 1 Microsoft | 1 Defender For Endpoint | 2025-07-08 | N/A | 5.5 MEDIUM |
| Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally. | |||||
| CVE-2024-7058 | 1 Lollms | 1 Lollms Web Ui | 2025-07-08 | N/A | 4.4 MEDIUM |
| A vulnerability in the sanitize_path function in parisneo/lollms-webui v10 - latest allows an attacker to bypass path sanitization by using relative paths such as './'. This can lead to unauthorized access to directories within the personality_folder on the victim's computer. | |||||
| CVE-2012-5972 | 1 Specview | 1 Specview | 2025-07-07 | 2.6 LOW | N/A |
| Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI. | |||||
| CVE-2025-26645 | 1 Microsoft | 16 Remote Desktop Client, Windows 10 1507, Windows 10 1607 and 13 more | 2025-07-07 | N/A | 8.8 HIGH |
| Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2012-6069 | 1 3s-software | 1 Codesys Runtime System | 2025-07-02 | 10.0 HIGH | 10.0 CRITICAL |
| The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the attacker to affect the availability, integrity, and confidentiality of the device. | |||||
| CVE-2024-56340 | 1 Ibm | 1 Cognos Analytics | 2025-07-02 | N/A | 6.5 MEDIUM |
| IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter. | |||||
| CVE-2025-44163 | 2025-06-30 | N/A | 6.3 MEDIUM | ||
| RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/get_wgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the `entity` parameter to overwrite arbitrary files writable by the web server via abuse of the `tee` command used in shell execution. | |||||
| CVE-2025-52207 | 2025-06-30 | N/A | 9.9 CRITICAL | ||
| PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory. | |||||
| CVE-2024-52012 | 1 Apache | 1 Solr | 2025-06-27 | N/A | 5.4 MEDIUM |
| Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem. This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue. Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users. | |||||
| CVE-2025-48957 | 1 Astrbot | 1 Astrbot | 2025-06-25 | N/A | 7.5 HIGH |
| AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data. The vulnerability has been addressed in Pull Request #1676 and is included in version 3.5.13. As a workaround, users can edit the `cmd_config.json` file to disable the dashboard feature as a temporary workaround. However, it is strongly recommended to upgrade to version v3.5.13 or later to fully resolve this issue. | |||||
| CVE-2025-52922 | 2025-06-23 | N/A | 7.4 HIGH | ||
| Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated attacker with access to the admin panel could abuse this to: (1) fully map the filesystem structure via the /api/file_manager/files?base_folder= endpoint, (2) create arbitrary directories on the server via the /api/file_manager/directories endpoint, (3) read arbitrary files from the server by copying the file to a readable location within the application via the /api/file_manager/copy_files endpoint, {4) delete arbitrary files from the server via a DELETE request to /api/file_manager/files, or (5) create arbitrary files on the server by uploading them and then leveraging the /api/file_manager/move_files endpoint to move them anywhere in the filesystem. | |||||