Total
8617 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-20041 | 2026-05-01 | N/A | 8.4 HIGH | ||
| Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a return address to overwrite the stack and trigger code execution. | |||||
| CVE-2016-20040 | 2026-05-01 | N/A | 8.4 HIGH | ||
| TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized ROM parameter to the tiemu command-line interface to overflow the stack buffer and overwrite the instruction pointer with malicious addresses. | |||||
| CVE-2016-20048 | 2026-05-01 | N/A | 8.4 HIGH | ||
| iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte stack buffer and gain code execution with user privileges. | |||||
| CVE-2026-30893 | 1 Wazuh | 1 Wazuh | 2026-04-30 | N/A | 9.0 CRITICAL |
| Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated cluster peer to write arbitrary files outside the intended extraction directory on other cluster nodes. This can be escalated to code execution in the Wazuh service context by overwriting Python modules loaded by Wazuh components (proof of concept available as separate attachment). In deployments where the cluster daemon runs with elevated privileges, system-level compromise is possible. This issue has been patched in version 4.14.4. | |||||
| CVE-2026-41911 | 1 Openclaw | 1 Openclaw | 2026-04-30 | N/A | 6.5 MEDIUM |
| OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit upload_file and upload_image endpoints to access files beyond the intended workspace-only filesystem policy. | |||||
| CVE-2026-5535 | 1 Tensoropera | 1 Fedml | 2026-04-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| A security flaw has been discovered in FedML-AI FedML up to 0.8.9. This impacts an unknown function of the file FileUtils.java of the component MQTT Message Handler. Performing a manipulation of the argument dataSet results in path traversal. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-25371 | 1 Nasa | 1 Core Flight System | 2026-04-30 | N/A | 7.5 HIGH |
| NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override of any arbitrary file on the system. | |||||
| CVE-2026-39365 | 2 Vitejs, Voidzero | 2 Vite, Vite\+ | 2026-04-30 | N/A | 5.3 MEDIUM |
| Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized dependencies resolves file paths and calls readFile without restricting ../ segments in the URL. As a result, it is possible to bypass the server.fs.strict allow list and retrieve .map files located outside the project root, provided they can be parsed as valid source map JSON. This vulnerability is fixed in 6.4.2, 7.3.2, and 8.0.5. | |||||
| CVE-2026-36767 | 2026-04-30 | N/A | 10.0 CRITICAL | ||
| A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request. | |||||
| CVE-2026-36760 | 2026-04-30 | N/A | 9.6 CRITICAL | ||
| An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations while chunked upload is enabled. | |||||
| CVE-2022-50992 | 2026-04-30 | N/A | 7.5 HIGH | ||
| Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and WorkflowService.LoadTemplateProp methods. Attackers can exploit these methods without authentication to retrieve sensitive files including system configuration files and database credentials from the server. Exploitation evidence was first observed by the Shadowserver Foundation on 2022-12-14 (UTC). | |||||
| CVE-2026-0964 | 2 Libssh, Redhat | 4 Libssh, Enterprise Linux, Hardened Images and 1 more | 2026-04-30 | N/A | 6.3 MEDIUM |
| A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue as in OpenSSH, tracked as CVE-2019-6111. | |||||
| CVE-2026-22557 | 2026-04-30 | N/A | 10.0 CRITICAL | ||
| A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account. | |||||
| CVE-2026-22562 | 2026-04-30 | N/A | 9.8 CRITICAL | ||
| A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE). Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier) UniFi Play Audio Port (Version 1.0.24 and earlier) Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later Update UniFi Play Audio Port to Version 1.1.9 or later | |||||
| CVE-2026-4741 | 2026-04-30 | N/A | N/A | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TeamJCD JoyConDroid (app/src/main/java/com/rdapps/gamepad/util modules). This vulnerability is associated with program files UnzipUtil.Java. This issue affects JoyConDroid: through 1.0.93. | |||||
| CVE-2026-5849 | 1 Tenda | 2 I12, I12 Firmware | 2026-04-30 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-42249 | 2026-04-30 | N/A | N/A | ||
| Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers without validation. These values are passed directly to filepath.Join, allowing path traversal sequences (../) to be resolved and enabling files to be written outside the intended update staging directory. An attacker who can influence update responses can exploit this flaw to write arbitrary executables to attacker‑chosen locations accessible to the current user, including the Windows Startup directory. This allows execution of arbitrary executables. Critically, when chained with CVE‑2026‑42248 (Missing Signature Verification for Updates), an attacker can deliver malicious payloads that are written to sensitive locations and executed automatically. Because Ollama for Windows performs silent automatic updates and executes staged binaries without user interaction, this results in automatic and persistent code execution without user awareness. Maintainers of this project were notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Versions from 0.12.10 to 0.17.5 were tested and confirmed as vulnerable, other versions were not tested but might also be vulnerable. | |||||
| CVE-2026-5841 | 1 Tenda | 2 I3, I3 Firmware | 2026-04-30 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2018-25308 | 2026-04-30 | N/A | 8.8 HIGH | ||
| BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the field_hiddenfile and field_deleteimg parameters during profile editing to unlink files from the server. | |||||
| CVE-2026-5962 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-04-30 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. | |||||