Total
277 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-48681 | 1 Openstack | 1 Ironic | 2026-06-04 | N/A | 5.9 MEDIUM |
| OpenStack Ironic before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image. | |||||
| CVE-2026-5422 | 1 Jupyter | 1 Jupyter Server | 2026-06-03 | N/A | 8.1 HIGH |
| A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.py. The check uses startswith(root) without appending a trailing path separator, allowing sibling directories with names starting with the same prefix as root_dir to bypass the check. Additionally, the to_os_path() function in utils.py does not strip ".." from path parts, enabling traversal sequences to bypass the vulnerable check. This vulnerability can lead to unauthorized read/write access to files in sibling directories, potentially exposing sensitive data in shared hosting environments. | |||||
| CVE-2025-41268 | 1 Waterfall-security | 2 Wf-500, Wf-500 Firmware | 2026-06-01 | N/A | 9.1 CRITICAL |
| Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines. | |||||
| CVE-2025-41271 | 1 Waterfall-security | 2 Wf-500, Wf-500 Firmware | 2026-06-01 | N/A | 7.5 HIGH |
| Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device. | |||||
| CVE-2025-41280 | 1 Waterfall-security | 2 Wf-500, Wf-500 Firmware | 2026-06-01 | N/A | 7.8 HIGH |
| Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled. | |||||
| CVE-2026-8361 | | | 2026-05-29 | N/A | 7.5 HIGH |
| A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome | |||||
| CVE-2026-8326 | | | 2026-05-29 | N/A | N/A |
| Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an unauthenticated attacker. This issue affects SparkView: before build 1127. | |||||
| CVE-2026-10074 | | | 2026-05-29 | N/A | 4.9 MEDIUM |
| DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files. | |||||
| CVE-2026-10073 | | | 2026-05-29 | N/A | 7.5 HIGH |
| DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files. | |||||
| CVE-2025-48977 | 1 Apache | 1 Ignite | 2026-05-29 | N/A | 6.5 MEDIUM |
| Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version 2.18.0, which fixes the issue. | |||||
| CVE-2026-43616 | 1 Horsicq | 1 Detect-it-easy | 2026-05-29 | N/A | 7.1 HIGH |
| Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive extraction to write files outside the intended extraction directory and achieve persistent code execution by overwriting user startup scripts. | |||||
| CVE-2026-48126 | | | 2026-05-26 | N/A | 8.2 HIGH |
| Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which silently turns on --domain at engine/flags.go:372), the request handler resolves the served directory by joining the configured --dir with the value of the client-supplied Host header. The join is performed by filepath.Join with no validation, so a Host: .. header walks one level above the document root. Subsequent file resolution then exposes everything in that parent directory — arbitrary file read, full directory listing, and, if any .lua file is present, server-side Lua execution. This vulnerability is fixed in 1.17.8. | |||||
| CVE-2026-8134 | 1 Concretecms | 1 Concrete Cms | 2026-05-26 | N/A | 7.2 HIGH |
| Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue administrator with composer form editing rights can exploit this to include arbitrary readable files on the server. Combined with the file uploader's extension-only validation (which permits PHP code in files saved with image extensions like .png), this can result in authenticated remote code execution. The Concrete CMS security team gave this vulnerability a CVSS v4.0 score of 9.4 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H. Thanks to Yonatan Drori (Tenzai) for reporting. | |||||
| CVE-2026-41948 | 1 Dify | 1 Dify | 2026-05-26 | N/A | 9.4 CRITICAL |
| Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencoded dot sequences in task identifiers or manipulated filename parameters to access internal endpoints such as debug interfaces, requiring only knowledge of the victim tenant's UUID. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker. | |||||
| CVE-2023-23391 | 1 Microsoft | 1 365 Copilot | 2026-05-22 | N/A | 5.5 MEDIUM |
| Office for Android Spoofing Vulnerability | |||||
| CVE-2026-34926 | 1 Trendmicro | 1 Apex One | 2026-05-22 | N/A | 6.7 MEDIUM |
| A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability. | |||||
| CVE-2026-23734 | | | 2026-05-21 | N/A | N/A |
| XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17 allow access to read configuration files by using URLs such as http://localhost:8080/bin/ssx/Main/WebHome?resource=/../../WEB-INF/xwiki.cfg&minify=false, leading to Path Traversal. The vulnerability can be exploited via the resources parameter of the ssx and jsx endpoints by using leading slashes. This issue has been patched in 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17. | |||||
| CVE-2026-8073 | | | 2026-05-19 | N/A | 7.5 HIGH |
| The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and a missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for unauthenticated attackers to read and delete arbitrary files, limited to the WordPress uploads base directory. | |||||
| CVE-2026-41612 | 1 Microsoft | 1 Live Preview | 2026-05-15 | N/A | 5.5 MEDIUM |
| Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2026-29201 | | | 2026-05-13 | N/A | 8.6 HIGH |
| Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed. | |||||
