CWE-29
64 CVEs classified under CWE-29. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-15036 | Critical | 10.0 | 2026-03-30 | A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow… |
| CVE-2024-2083 | Critical | 9.9 | 2024-04-16 | A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnera… |
| CVE-2024-6396 | Critical | 9.8 | 2024-07-12 | A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate ar… |
| CVE-2024-5443 | Critical | 9.8 | 2024-06-22 | CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the `ExtensionBuilder().build_extension()` function. The vulnerabi… |
| CVE-2024-4320 | Critical | 9.8 | 2024-06-06 | A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the `@rou… |
| CVE-2024-3429 | Critical | 9.8 | 2024-06-06 | A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions i… |
| CVE-2024-2624 | Critical | 9.8 | 2024-06-06 | A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the `@router.get("/switch_persona… |
| CVE-2024-2360 | Critical | 9.8 | 2024-06-06 | parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in… |
| CVE-2024-2358 | Critical | 9.8 | 2024-05-16 | A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises… |
| CVE-2023-6975 | Critical | 9.8 | 2023-12-20 | A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information. |
| CVE-2023-2780 | Critical | 9.8 | 2023-05-17 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. |
| CVE-2024-2356 | Critical | 9.6 | 2026-02-02 | A Local File Inclusion (LFI) vulnerability exists in the '/reinstall_extension' endpoint of the parisneo/lollms-webui application, specifically within the `nam… |
| CVE-2024-2361 | Critical | 9.6 | 2024-05-16 | A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-supplied input. Specifically, t… |
| CVE-2024-3573 | Critical | 9.3 | 2024-04-16 | mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the… |
| CVE-2023-1177 | Critical | 9.3 | 2023-03-24 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. |
| CVE-2023-0104 | Critical | 9.3 | 2023-02-22 | The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker… |
| CVE-2024-8537 | Critical | 9.1 | 2025-03-20 | A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow en… |
| CVE-2024-7957 | Critical | 9.1 | 2025-03-20 | An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the l… |
| CVE-2024-7774 | Critical | 9.1 | 2024-10-29 | A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files… |
| CVE-2024-5926 | Critical | 9.1 | 2024-06-30 | A path traversal vulnerability in the get-project-files functionality of stitionai/devika allows attackers to read arbitrary files from the filesystem and caus… |