Total
153 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-26124 | 1 Microsoft | 1 Aci Confidential Containers | 2026-06-17 | N/A | 6.7 MEDIUM |
| '.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-1763 | 2026-06-17 | N/A | 4.6 MEDIUM | ||
| Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and previous versions. | |||||
| CVE-2025-8088 | 3 Dtsearch, Microsoft, Rarlab | 3 Dtsearch, Windows, Winrar | 2026-06-17 | N/A | 8.8 HIGH |
| A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. | |||||
| CVE-2025-8051 | 1 Opentext | 1 Flipper | 2026-06-17 | N/A | 6.5 MEDIUM |
| Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2. | |||||
| CVE-2025-69325 | 2026-06-17 | N/A | 5.3 MEDIUM | ||
| Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Path Traversal.This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.8. | |||||
| CVE-2025-68428 | 1 Parall | 1 Jspdf | 2026-06-17 | N/A | 7.5 HIGH |
| jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds areavailable. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF. | |||||
| CVE-2025-67914 | 2026-06-17 | N/A | 7.7 HIGH | ||
| Path Traversal: '.../...//' vulnerability in beeteam368 VidMov vidmov allows Path Traversal.This issue affects VidMov: from n/a through <= 2.3.8. | |||||
| CVE-2025-66004 | 2026-06-17 | N/A | 5.7 MEDIUM | ||
| A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user.This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba. | |||||
| CVE-2025-64676 | 1 Microsoft | 1 Purview | 2026-06-17 | N/A | 7.2 HIGH |
| '.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-64253 | 2026-06-17 | N/A | 4.9 MEDIUM | ||
| Path Traversal: '.../...//' vulnerability in WordPress.org Health Check & Troubleshooting health-check allows Path Traversal.This issue affects Health Check & Troubleshooting: from n/a through <= 1.7.1. | |||||
| CVE-2025-5598 | 2026-06-17 | N/A | N/A | ||
| Path Traversal vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Retrieve Embedded Sensitive Data.This issue affects airleader MASTER: 3.0046. | |||||
| CVE-2025-5454 | 1 Axis | 233 A1210 \(-b\), A1214, A1601 and 230 more | 2026-06-17 | N/A | 6.4 MEDIUM |
| An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | |||||
| CVE-2025-59793 | 1 Rocketsoftware | 1 Trufusion Enterprise | 2026-06-17 | N/A | 9.9 CRITICAL |
| Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution. | |||||
| CVE-2025-59099 | 2026-06-17 | N/A | N/A | ||
| The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication. Hence, it is possible to retrieve all files stored on the file system, including the SQLite database Database.sq3, containing badge information and the corresponding PIN codes. Additionally, when trying to access certain files, the web server crashes and becomes unreachable for about 60 seconds. This can be abused to continuously send the request and cause denial of service. | |||||
| CVE-2025-58972 | 2026-06-17 | N/A | 7.2 HIGH | ||
| Path Traversal: '.../...//' vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Path Traversal.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.10.4. | |||||
| CVE-2025-58381 | 1 Broadcom | 1 Fabric Operating System | 2026-06-17 | N/A | 2.3 LOW |
| A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait to modify the path variables and move upwards in the directory structure or to traverse to different directories. | |||||
| CVE-2025-58380 | 1 Broadcom | 1 Fabric Operating System | 2026-06-17 | N/A | 2.3 LOW |
| A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to different directories. | |||||
| CVE-2025-53880 | 2026-06-17 | N/A | N/A | ||
| A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses. | |||||
| CVE-2025-53561 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Path Traversal: '.../...//' vulnerability in miniOrange Prevent files / folders access prevent-file-access allows Path Traversal.This issue affects Prevent files / folders access: from n/a through <= 2.6.0. | |||||
| CVE-2025-53417 | 2026-06-17 | N/A | N/A | ||
| DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability | |||||