| CVE-2026-34026 |
2026-06-15 |
Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The … |
| CVE-2026-48569 |
2026-06-09 |
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. |
| CVE-2026-47287 |
2026-06-09 |
Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network. |
| CVE-2026-48681 |
2026-06-04 |
OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image. |
| CVE-2026-5422 |
2026-06-02 |
A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.p… |
| CVE-2026-10074 |
2026-05-29 |
DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files. |
| CVE-2026-10073 |
2026-05-29 |
DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files. |
| CVE-2026-8326 |
2026-05-29 |
Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component i… |
| CVE-2025-41280 |
2026-05-29 |
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code… |
| CVE-2025-41271 |
2026-05-29 |
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers t… |
| CVE-2025-41268 |
2026-05-29 |
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated atta… |
| CVE-2025-48977 |
2026-05-28 |
Relative Path Traversal vulnerability in Apache Ignite REST API.
Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way.
This issu… |
| CVE-2026-8361 |
2026-05-27 |
A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome |
| CVE-2026-48126 |
2026-05-26 |
Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which silently turns on --domain at engine/flags.go:372), the request … |
| CVE-2026-8134 |
2026-05-21 |
Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue ad… |
| CVE-2026-34926 |
2026-05-21 |
A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents … |
| CVE-2026-23734 |
2026-05-20 |
XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17 allow access to read configuration files by using URLs such as http://localhost:8080/bin/ssx/Mai… |
| CVE-2026-8073 |
2026-05-19 |
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in t… |
| CVE-2026-41948 |
2026-05-18 |
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficien… |
| CVE-2026-41612 |
2026-05-12 |
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. |