High
CVSS: 8.4
Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data
if administrator credentials become compromised.
This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*…
High
CVSS: 7.5
Absolute File Traversal vulnerabilities in ASPECT allows access and modification of unintended resources.
This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
High
CVSS: 7.7
OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path trave…
High
CVSS: 8.8
An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpc_agent's host by exploiting the download_file met…
High
CVSS: 7.1
In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exp…
Medium
CVSS: 6.5
A local file inclusion vulnerability was identified in automatic1111/stable-diffusion-webui, affecting version git 82a973c. This vulnerability allows an attacker to read arbitrary files on the system by sending a specially crafted request t…
Critical
CVSS: 9.1
eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary…
Critical
CVSS: 9.1
In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises b…
Medium
CVSS: 5.3
parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. An attacker can list arbitrary directories on a Windows system by sending a specially crafted HTTP request to the /open_file endpoint.
High
KEV CVSS: 8.6
NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentia…
Medium
CVSS: 6.5
Abacus ERP is versions older than 2024.210.16036, 2023.205.15833, 2022.105.15542 are affected by an authenticated arbitrary file read vulnerability.
Medium
CVSS: 5.3
In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability.
Medium
CVSS: 5.0
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.
Critical
CVSS: 9.3
A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations.
Critical
KEV CVSS: 9.8
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Critical
KEV CVSS: 9.8
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Critical
KEV CVSS: 9.8
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Critical
CVSS: 9.8
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.