CWE-29: CWE-29
All CWE-29 CVEs (32)
A directory traversal vulnerability in the zenml-io/zenml repository allows attackers to read arbitrary files on the server by manipulating the 'logs'...
Apr 16, 2024

This vulnerability in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the server and exfiltrate arbitrary data by manipul...
Jul 12, 2024

This CVE describes a path traversal vulnerability in parisneo/lollms software that allows remote code execution. Attackers can exploit the /mount_exte...
Jun 22, 2024

This CVE-2024-4320 is a critical remote code execution vulnerability in the parisneo/lollms-webui application. Attackers can exploit the '/install_ext...
Jun 6, 2024

This vulnerability allows attackers to perform path traversal and arbitrary file uploads in the lollms-webui application by manipulating the 'path' pa...
Jun 6, 2024

A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code by exploiting ins...
May 16, 2024

This CVE describes a path traversal vulnerability in MLflow where attackers can use '\..\filename' sequences to access files outside intended director...
May 17, 2023

This CVE describes a Local File Inclusion vulnerability in the lollms-webui application that allows attackers to execute arbitrary Python code remotel...
Feb 2, 2026

This vulnerability in MLflow allows attackers to perform Local File Inclusion (LFI) by exploiting improper URI parsing in the 'is_local_uri' function....
Apr 16, 2024

This vulnerability in Weintek EasyBuilder Pro allows attackers to execute arbitrary code or access sensitive data by tricking users into opening malic...
Feb 22, 2023

A path traversal vulnerability in modelscope/agentscope's /delete-workflow endpoint allows attackers to delete arbitrary files from the filesystem by ...
Mar 20, 2025

This vulnerability allows attackers to overwrite or create arbitrary files on systems running danswer-ai/danswer with ZulipConnector enabled. Attacker...
Mar 20, 2025

A path traversal vulnerability in binary-husky/gpt_academic allows attackers to write arbitrary files outside the intended extraction directory when p...
Mar 20, 2025

A path traversal vulnerability in danny-avila/librechat allows attackers to write files to arbitrary locations on the server due to improper sanitizat...
Mar 20, 2025

An unauthenticated path traversal vulnerability in HSC Mailinspector allows attackers to read arbitrary files on the server without authentication. Th...
May 6, 2024

A path traversal vulnerability in the parisneo/lollms-webui application allows attackers to manipulate configuration settings via specially crafted JS...
May 16, 2024

A path traversal vulnerability in Yokogawa's FAST/TOOLS software allows attackers to bypass URL validation and access arbitrary files on the web serve...
Feb 9, 2026

A path traversal vulnerability in run-llama/llama_index versions 0.12.27 through 0.12.40 allows attackers to read arbitrary files on the server by man...
Jul 7, 2025

A path traversal vulnerability in MLflow 2.15.1 allows attackers to read arbitrary files when the DBFS service is configured and mounted locally. This...
Mar 20, 2025

An arbitrary file read vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows attackers to read sensitive files on the server by exploiti...
Oct 29, 2024

A Local File Inclusion vulnerability in parisneo/lollms-webui allows attackers to read arbitrary files on the server through path traversal. This affe...
Sep 30, 2024

This path traversal vulnerability in parisneo/lollms-webui allows attackers to read arbitrary files by manipulating parameters in the 'copy_to_custom_...
Jun 2, 2024

This vulnerability in gradio allows attackers to read any file on the filesystem by exploiting the /component_server endpoint. It affects gradio appli...
Apr 16, 2024

This path traversal vulnerability in MLflow allows attackers to access arbitrary files on the server by using '\..\filename' sequences in requests. It...
Dec 18, 2023

This Local File Inclusion (LFI) vulnerability in ModelDB allows attackers to read arbitrary files on the server filesystem by manipulating the artifac...
Nov 16, 2023

CVE-2025-12790 is a vulnerability in Rubygem MQTT where default configurations lack hostname validation, enabling Man-in-the-Middle attacks. This allo...
Nov 6, 2025

A path traversal vulnerability in the normalizePath function of mintplex-labs/anything-llm allows attackers to read and write arbitrary files within t...
Mar 20, 2025

This vulnerability allows attackers to write arbitrary files to the server's filesystem by manipulating file paths in the download_model endpoint. It ...
Mar 20, 2025

This Zip Slip vulnerability in OpenCart's marketplace installer allows attackers to upload malicious ZIP archives that can extract files to arbitrary ...
Jun 22, 2024

A path traversal vulnerability in mintplex-labs/anything-llm allows authenticated managers to bypass path normalization and access, delete, or overwri...
Jun 12, 2024

A local path traversal vulnerability in Dell PowerProtect DD allows low-privileged users to overwrite OS files, potentially causing denial of service....
Feb 1, 2025

This Local File Inclusion vulnerability in OpenLLM 0.6.10 allows attackers to read sensitive server files through the web application. Attackers can a...
Mar 20, 2025

About CWE-29 (CWE-29)
Our database tracks 32 CVEs classified as CWE-29, with 12 rated critical and 19 rated high severity. The average CVSS score for CWE-29 vulnerabilities is 8.3.
External reference: View CWE-29 on MITRE CWE →