Total: 9084 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2026-50203 | 1 Apache | 1 Apache-airflow-providers-sftp | 2026-06-17 | N/A | 9.1 CRITICAL | A path traversal in the SFTP provider (`SFTPHook.retrieve_directory` / `SFTPOperator(operation=get)`) lets a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is any deployment downloading directories from an untrusted SFTP server. Upgrade `apache-airflow-providers-sftp` to 5.8.1 or later. |
| CVE-2026-45775 | 1 Discourse | 1 Discourse | 2026-06-17 | N/A | 6.8 MEDIUM | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a path traversal vulnerability in Discourse backup handling could allow an authenticated administrator on one site in a multisite deployment to access backup files belonging to another site when backups are stored locally. In affected configurations, an admin on Site A could potentially retrieve sensitive backup data from Site B (same host, multisite) by crafting a backup download request with a traversal payload. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1. |
| CVE-2026-9690 | | | 2026-06-17 | N/A | 7.5 HIGH | Unauthenticated Arbitrary File Download in WP Media folder Addon versions <= 4.0.1. |
| CVE-2026-54193 | | | 2026-06-17 | N/A | 7.7 HIGH | Contributor Arbitrary File Deletion in Fusion Builder versions <= 3.15.4. |
| CVE-2026-52716 | | | 2026-06-17 | N/A | 6.5 MEDIUM | Unauthenticated Arbitrary File Deletion in WorkScout-Core versions <= 1.7.11. |
| CVE-2025-60223 | | | 2026-06-17 | N/A | 7.7 HIGH | Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot versions <= 13.6.5. |
| CVE-2024-32729 | | | 2026-06-17 | N/A | 7.5 HIGH | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8. |
| CVE-2026-47277 | | | 2026-06-17 | N/A | 6.5 MEDIUM | Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only the lexical path before Node reads the file, so a Git app store that contains metadata/logo.jpg as a symbolic link can cause Runtipi to read and return the symlink target. Because the endpoint is public and the symlink target may point outside the cloned repository, this can expose local files from the Runtipi container such as /data/.env, /data/state/seed, logs, or application files. This can disclose JWT secrets, service credentials, local configuration, and operational logs depending on the instance. The issue has been fixed in version 4.10.0. |
| CVE-2026-48055 | | | 2026-06-17 | N/A | 10.0 CRITICAL | Streambert is a cross-platform Electron desktop app to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's subtitle extraction logic. The application does not sanitize archive entry filenames during extraction, allowing a malicious archive to perform path traversal and write arbitrary files to the host filesystem. The subtitle extraction process downloads a ZIP archive and extracts its entries. The destination file path is constructed by concatenating the raw archive entry name (extracted.name) directly to the temporary directory path. If a malicious ZIP archive containing directory traversal sequences is processed, it escapes the temporary directory boundaries. The application then writes the extracted payload anywhere on the host filesystem, subject to the application's current write permissions. This issue has been fixed in version 2.5.0. |
| CVE-2026-10094 | | | 2026-06-17 | N/A | 9.8 CRITICAL | A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server. |
| CVE-2026-48777 | | | 2026-06-17 | N/A | N/A | FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go, which joins the user-controlled fromPath and toPath body fields with the trusted d.share.Path BEFORE the downstream sanitizer runs. Because filepath.Join collapses .. segments during the join, the sanitizer in resourcePatchHandler never sees the traversal and the move/copy/rename operates on a path outside the shared directory. The same root-cause pattern was patched for the bulk DELETE endpoint as CVE-2026-44542 (GHSA-fwj3-42wh-8673), but the PATCH handler with the identical pattern was not updated. A public share link with AllowModify=true is sufficient to exploit this. Anyone holding such a link can move, copy, or rename arbitrary files within the share owner's source root. This issue has been fixed in versions 1.3.3-stable and 1.4.2-beta. |
| CVE-2026-27400 | | | 2026-06-17 | N/A | 8.6 HIGH | Unauthenticated Arbitrary File Deletion in BookPro versions <= 1.1.0. |
| CVE-2025-69128 | | | 2026-06-17 | N/A | 8.6 HIGH | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3. |
| CVE-2025-69139 | | | 2026-06-17 | N/A | 8.6 HIGH | Unauthenticated Arbitrary File Deletion in Car Zone versions <= 3.7. |
| CVE-2025-69131 | | | 2026-06-17 | N/A | 7.5 HIGH | Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site versions <= 1.0.7. |
| CVE-2026-40724 | | | 2026-06-17 | N/A | 6.5 MEDIUM | CP Client Arbitrary File Download in Client Portal (Pro) versions <= 5.6.2. |
| CVE-2026-22334 | | | 2026-06-17 | N/A | 7.5 HIGH | Subscriber Arbitrary File Download in Woocommerce Book Price versions <= 1.3. |
| CVE-2026-21726 | 1 Grafana | 1 Loki | 2026-06-17 | N/A | 5.3 MEDIUM | The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after only a single URL decode; by double encoding, an attacker can read files via the Ruler API endpoint /loki/api/v1/rules/{namespace}. Thanks to Prasanth Sundararajan for reporting this vulnerability. |
| CVE-2026-20262 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2026-06-17 | N/A | 6.5 MEDIUM | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account. |
| CVE-2025-62851 | 1 Qnap | 1 License Center | 2026-06-17 | N/A | 4.4 MEDIUM | A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: License Center 1.9.56 and later. |
