| CVE-2026-5422 | 2026-06-02 | A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.p… |
| CVE-2026-10074 | 2026-05-29 | DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files. |
| CVE-2026-10073 | 2026-05-29 | DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files. |
| CVE-2026-8326 | 2026-05-29 | Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component i… |
| CVE-2025-41280 | 2026-05-29 | Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code… |
| CVE-2025-41271 | 2026-05-29 | Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers t… |
| CVE-2025-41268 | 2026-05-29 | Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated atta… |
| CVE-2025-48977 | 2026-05-28 | Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issu… |
| CVE-2026-8361 | 2026-05-27 | A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome |
| CVE-2026-48126 | 2026-05-26 | Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which silently turns on --domain at engine/flags.go:372), the request … |
| CVE-2026-8134 | 2026-05-21 | Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue ad… |
| CVE-2026-34926 | 2026-05-21 | A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents … |
| CVE-2026-23734 | 2026-05-20 | XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17 allow access to read configuration files by using URLs such as http://localhost:8080/bin/ssx/Mai… |
| CVE-2026-8073 | 2026-05-19 | The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in t… |
| CVE-2026-41948 | 2026-05-18 | Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficien… |
| CVE-2026-41612 | 2026-05-12 | Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. |
| CVE-2026-41551 | 2026-05-12 | A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote a… |
| CVE-2026-8209 | 2026-05-09 | Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of the… |
| CVE-2026-29201 | 2026-05-08 | Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed. |
| CVE-2026-43533 | 2026-05-05 | OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers c… |