Total: 308 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2026-35174 | | | 2026-04-06 | N/A | 9.1 CRITICAL | Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download any file on the server, including config.json.php with database credentials, and to overwrite critical system files, leading to remote code execution. This vulnerability is fixed in 2026.01. |
| CVE-2026-34783 | | | 2026-04-06 | N/A | 8.1 HIGH | Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a website that returns filenames containing ../ sequences, and uses those filenames to construct output paths (a standard scraping pattern), the attacker controls both the destination path and the file content. This can lead to remote code execution via cron jobs, SSH authorized_keys, shell profiles, or web shells. This vulnerability is fixed in 2.0.0-alpha.4. |
| CVE-2026-30276 | 1 Deftpdf | 1 Document Translator | 2026-04-06 | N/A | 9.8 CRITICAL | An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure. |
| CVE-2026-30281 | 1 Maru | 1 Neo.maru | 2026-04-06 | N/A | 9.8 CRITICAL | An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure. |
| CVE-2026-30284 | 1 Uxgroupllc | 1 Voice Recorder | 2026-04-06 | N/A | 8.6 HIGH | An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure. |
| CVE-2026-30291 | | | 2026-04-03 | N/A | 8.4 HIGH | An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APP v4.3.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure. |
| CVE-2026-30292 | | | 2026-04-03 | N/A | 8.4 HIGH | An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure. |
| CVE-2026-33949 | | | 2026-04-03 | N/A | 8.1 HIGH | Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. The impact includes the ability to replace critical server configuration files and potentially execute arbitrary commands by sabotaging the build script. This issue has been patched in version 2.2.2. |
| CVE-2026-34522 | | | 2026-04-03 | N/A | 8.1 HIGH | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in /api/chats/import allows an authenticated attacker to write attacker-controlled files outside the intended chats directory by injecting traversal sequences into character_name. This issue has been patched in version 1.17.0. |
| CVE-2026-30289 | 1 Tinybeans | 1 Private Family Album | 2026-04-02 | N/A | 8.4 HIGH | An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App v5.9.5-prod allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure. |
| CVE-2026-30287 | 1 Deepthought.industries | 1 Ace Scanner | 2026-04-02 | N/A | 8.4 HIGH | An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure. |
| CVE-2026-0965 | 2 Libssh, Redhat | 2 Libssh, Enterprise Linux | 2026-04-02 | N/A | 3.3 LOW | A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try to access dangerous files, such as block devices or large system files, which can disrupt normal operations. |
| CVE-2026-27825 | 1 Mcp-atlassian | 1 Mcp Atlassian | 2026-04-02 | N/A | 9.0 CRITICAL | MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, the `confluence_download_attachment` MCP tool accepts a `download_path` parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the server process has write access to. Because the attacker controls both the write destination and the written content (via an uploaded Confluence attachment), this constitutes arbitrary code execution (for example, writing a valid cron entry to `/etc/cron.d/` achieves code execution within one scheduler cycle with no server restart required). Version 0.17.0 fixes the issue. |
| CVE-2026-30940 | 1 Basercms | 1 Basercms | 2026-04-01 | N/A | 7.2 HIGH | baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary directory outside the theme directory, which may result in remote code execution (RCE). This issue has been patched in version 5.2.3. |
| CVE-2026-33027 | 1 Nginxui | 1 Nginx Ui | 2026-04-01 | N/A | 6.5 MEDIUM | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and executes the operation on the base directory (/etc/nginx). In particular, this allows an authenticated user to remove the entire /etc/nginx directory, resulting in a partial Denial of Service. This issue has been patched in version 2.3.4. |
| CVE-2026-30282 | | | 2026-04-01 | N/A | 9.0 CRITICAL | An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure. |
| CVE-2026-5210 | | | 2026-04-01 | 7.5 HIGH | 7.3 HIGH | A vulnerability was detected in SourceCodester Leave Application System 1.0. This affects an unknown part. Manipulation of the argument page results in file inclusion. Remote exploitation of the attack is possible. The exploit is now public and may be used. |
| CVE-2026-23898 | | | 2026-04-01 | N/A | N/A | Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism. |
| CVE-2026-33989 | 1 Mobilenexthq | 1 Mobile Mcp | 2026-03-31 | N/A | 8.1 HIGH | Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The `saveTo` and `output` parameters were passed directly to filesystem operations without validation, allowing an attacker to write files outside the intended workspace. Version 0.0.49 fixes the issue. |
| CVE-2026-33645 | 1 Shaneisrael | 1 Fireshare | 2026-03-30 | N/A | 7.1 HIGH | Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerability in Fireshare’s chunked upload endpoint allows an attacker to write arbitrary files outside the intended upload directory. The `checkSum` multipart field is used directly in filesystem path construction without sanitization or containment checks. This enables unauthorized file writes to attacker-chosen paths writable by the Fireshare process (e.g., container `/tmp`), violating integrity and potentially enabling follow-on attacks depending on deployment. Version 1.5.2 fixes the issue. |
