CWE-29

64 CVEs classified under CWE-29. Browse by severity and year.

Top CVEs for CWE-29
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-15036 | Critical | 10.0 | 2026-03-30 | A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow… |
| CVE-2024-2083 | Critical | 9.9 | 2024-04-16 | A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnera… |
| CVE-2024-6396 | Critical | 9.8 | 2024-07-12 | A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate ar… |
| CVE-2024-5443 | Critical | 9.8 | 2024-06-22 | CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the `ExtensionBuilder().build_extension()` function. The vulnerabi… |
| CVE-2024-4320 | Critical | 9.8 | 2024-06-06 | A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the `@rou… |
| CVE-2024-3429 | Critical | 9.8 | 2024-06-06 | A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions i… |
| CVE-2024-2624 | Critical | 9.8 | 2024-06-06 | A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the `@router.get("/switch_persona… |
| CVE-2024-2360 | Critical | 9.8 | 2024-06-06 | parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in… |
| CVE-2024-2358 | Critical | 9.8 | 2024-05-16 | A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises… |
| CVE-2023-6975 | Critical | 9.8 | 2023-12-20 | A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information. |
| CVE-2023-2780 | Critical | 9.8 | 2023-05-17 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. |
| CVE-2024-2356 | Critical | 9.6 | 2026-02-02 | A Local File Inclusion (LFI) vulnerability exists in the '/reinstall_extension' endpoint of the parisneo/lollms-webui application, specifically within the `nam… |
| CVE-2024-2361 | Critical | 9.6 | 2024-05-16 | A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-supplied input. Specifically, t… |
| CVE-2024-3573 | Critical | 9.3 | 2024-04-16 | mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the… |
| CVE-2023-1177 | Critical | 9.3 | 2023-03-24 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. |
| CVE-2023-0104 | Critical | 9.3 | 2023-02-22 | The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker… |
| CVE-2024-8537 | Critical | 9.1 | 2025-03-20 | A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow en… |
| CVE-2024-7957 | Critical | 9.1 | 2025-03-20 | An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the l… |
| CVE-2024-7774 | Critical | 9.1 | 2024-10-29 | A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files… |
| CVE-2024-5926 | Critical | 9.1 | 2024-06-30 | A path traversal vulnerability in the get-project-files functionality of stitionai/devika allows attackers to read arbitrary files from the filesystem and caus… |