Total
277 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-8209 | 2026-05-12 | N/A | N/A | ||
| Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of the file and a DOS condition. Successful exploitation requires Teacher or higher privileges. Exploitation could result in loss of availability of the web application. | |||||
| CVE-2026-5966 | 1 Teamt5 | 1 Threatsonar Anti-ransomware | 2026-05-12 | N/A | 8.1 HIGH |
| ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system. | |||||
| CVE-2026-41551 | 2026-05-12 | N/A | 9.1 CRITICAL | ||
| A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device. | |||||
| CVE-2025-55752 | 1 Apache | 1 Tomcat | 2026-05-12 | N/A | 7.5 HIGH |
| Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue. | |||||
| CVE-2026-42085 | 1 Openc3 | 1 Cosmos | 2026-05-08 | N/A | 4.3 MEDIUM |
| OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the save_tool_config() function that allows saving tool configuration files at arbitrary locations inside the shared /plugins directory tree by supplying crafted configuration filenames. Although the implementation sufficiently mitigates standard path traversal attacks, by canonicalizing filename to an absolute path, all plugins share this same root directory. That enables users to create arbitrary file structures and overwrite existing configuration files within the shared /plugins directory. This issue has been patched in versions 6.10.5 and 7.0.0-rc3. | |||||
| CVE-2026-43533 | 1 Openclaw | 1 Openclaw | 2026-05-07 | N/A | 8.6 HIGH |
| OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through outbound media handling. | |||||
| CVE-2026-22070 | 1 Oppo | 1 Coloros Assistant | 2026-05-05 | N/A | 7.1 HIGH |
| ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal. | |||||
| CVE-2026-31927 | 1 Anviz | 2 Cx7, Cx7 Firmware | 2026-05-04 | N/A | 4.9 MEDIUM |
| Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized SSH access when combined with debug‑setting changes | |||||
| CVE-2026-7404 | 2026-04-29 | 7.5 HIGH | 7.3 HIGH | ||
| A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function delete_shared_prompt of the file src/mcpo_simple_server/services/prompt_manager/base_manager.py. This manipulation of the argument detail causes relative path traversal. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2024-49253 | 2026-04-29 | N/A | 8.6 HIGH | ||
| Relative Path Traversal vulnerability in JamesPark.ninja Analyse Uploads analyse-uploads allows Relative Path Traversal.This issue affects Analyse Uploads: from n/a through <= 0.5. | |||||
| CVE-2012-6069 | 1 3s-software | 1 Codesys Runtime System | 2026-04-29 | 10.0 HIGH | 10.0 CRITICAL |
| The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the attacker to affect the availability, integrity, and confidentiality of the device. | |||||
| CVE-2012-5972 | 1 Specview | 1 Specview | 2026-04-29 | 2.6 LOW | N/A |
| Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI. | |||||
| CVE-2024-2318 | 1 Zkteco | 1 Zkbio Media | 2026-04-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../../../zkbio_media.sql leads to path traversal: '../filedir'. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.3 Build 2025-05-26-1605 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-13199 | 1 Fabian | 1 Email Logging Interface | 2026-04-29 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in code-projects Email Logging Interface 2.0. Affected is an unknown function of the file signup.cpp. The manipulation of the argument Username results in path traversal: '../filedir'. The attack is only possible with local access. The exploit has been made public and could be used. | |||||
| CVE-2026-20078 | 1 Cisco | 1 Unity Connection | 2026-04-28 | N/A | 6.5 MEDIUM |
| Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization of user input to the web-based management interface. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from an affected system. | |||||
| CVE-2026-20081 | 1 Cisco | 1 Unity Connection | 2026-04-28 | N/A | 6.5 MEDIUM |
| Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization of user input to the web-based management interface. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from an affected system. | |||||
| CVE-2026-30345 | 2026-04-28 | N/A | 7.5 HIGH | ||
| A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import. | |||||
| CVE-2026-33733 | 1 Espocrm | 1 Espocrm | 2026-04-27 | N/A | 7.2 HIGH |
| EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled `name` and `scope` values and pass them into template path construction without normalization or traversal filtering. As a result, an authenticated admin can use `../` sequences to escape the intended template directory and read, create, overwrite, or delete arbitrary files that resolve to `body.tpl` or `subject.tpl` under the web application user's filesystem permissions. Version 9.3.4 fixes the issue. | |||||
| CVE-2025-47445 | 1 Themewinter | 1 Eventin | 2026-04-23 | N/A | 7.5 HIGH |
| Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through <= 4.0.26. | |||||
| CVE-2025-32137 | 2026-04-23 | N/A | 4.9 MEDIUM | ||
| Relative Path Traversal vulnerability in Cristián Lávaque s2Member s2member allows Path Traversal.This issue affects s2Member: from n/a through <= 250419. | |||||