ReportizFlow
Filtered by vendor
Subscriptions
Total
8950 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27821 | 1 Apple | 6 Ios, Ipad Os, Ipados and 3 more | 2026-04-02 | 7.5 High |
| A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. A shortcut may output sensitive user data without consent. | ||||
| CVE-2024-27810 | 1 Apple | 7 Ios, Ipad Os, Ipados and 4 more | 2026-04-02 | 9.8 Critical |
| A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, watchOS 10.5. An app may be able to read sensitive location information. | ||||
| CVE-2024-23216 | 1 Apple | 1 Macos | 2026-04-02 | 6.7 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to overwrite arbitrary files. | ||||
| CVE-2025-43191 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2026-04-02 | 6.2 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause a denial-of-service. | ||||
| CVE-2026-28816 | 1 Apple | 1 Macos | 2026-04-02 | 4 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to delete files for which it does not have permission. | ||||
| CVE-2024-44195 | 1 Apple | 1 Macos | 2026-04-02 | 7.5 High |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to read arbitrary files. | ||||
| CVE-2026-28827 | 1 Apple | 1 Macos | 2026-04-02 | 9.3 Critical |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox. | ||||
| CVE-2024-27869 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-04-02 | 7.5 High |
| The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to record the screen without an indicator. | ||||
| CVE-2026-20688 | 1 Apple | 5 Ios And Ipados, Ipados, Iphone Os and 2 more | 2026-04-02 | 9.3 Critical |
| A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to break out of its sandbox. | ||||
| CVE-2026-21005 | 1 Samsung | 1 Smart Switch | 2026-04-02 | 6.5 Medium |
| Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Smart Switch privilege. | ||||
| CVE-2026-30580 | 1 Leefish | 1 File Thingie | 2026-04-02 | 4.3 Medium |
| File Thingie 2.5.7 is vulnerable to Directory Traversal. A malicious user can leverage the "create folder from url" functionality of the application to read arbitrary files on the target system. | ||||
| CVE-2025-70952 | 2 Pf4j, Pf4j Project | 2 Pf4j, Pf4j | 2026-04-02 | 7.5 High |
| pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation. | ||||
| CVE-2025-67030 | 1 Codehaus-plexus | 1 Plexus-utils | 2026-04-02 | 8.8 High |
| Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code | ||||
| CVE-2026-32846 | 1 Openclaw | 1 Openclaw | 2026-04-02 | 7.5 High |
| OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to reference files outside the intended application sandbox, resulting in disclosure of sensitive information including system files, environment files, and SSH keys. | ||||
| CVE-2026-33490 | 2 H3, H3js | 2 H3, H3 | 2026-04-02 | 3.7 Low |
| H3 is a minimal H(TTP) framework. In versions 2.0.0-0 through 2.0.1-rc.16, the `mount()` method in h3 uses a simple `startsWith()` check to determine whether incoming requests fall under a mounted sub-application's path prefix. Because this check does not verify a path segment boundary (i.e., that the next character after the base is `/` or end-of-string), middleware registered on a mount like `/admin` will also execute for unrelated routes such as `/admin-public`, `/administrator`, or `/adminstuff`. This allows an attacker to trigger context-setting middleware on paths it was never intended to cover, potentially polluting request context with unintended privilege flags. Version 2.0.2-rc.17 contains a patch. | ||||
| CVE-2026-33686 | 1 Code16 | 1 Sharp | 2026-04-02 | 8.8 High |
| Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In `src/Utils/FileUtil.php`, the `FileUtil::explodeExtension()` function extracts a file's extension by splitting the filename at the last dot. This issue has been patched in version 9.20.0 by properly sanitizing the extension using `pathinfo(PATHINFO_EXTENSION)` instead of `strrpos()`, alongside applying strict regex replacements to both the base name and the extension. | ||||
| CVE-2026-33945 | 2 Linuxcontainers, Lxc | 2 Incus, Incus | 2026-04-02 | 10 Critical |
| Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prior to version 6.23.0, an attacker can set a configuration key named something like `systemd.credential.../../../../../../root/.bashrc` to cause Incus to write outside of the `credentials` directory associated with the container. This makes use of the fact that the Incus syntax for such credentials is `systemd.credential.XYZ` where `XYZ` can itself contain more periods. While it's not possible to read any data this way, it's possible to write to arbitrary files as root, enabling both privilege escalation and denial of service attacks. Version 6.23.0 fixes the issue. | ||||
| CVE-2026-33747 | 2 Moby, Mobyproject | 2 Buildkit, Buildkit | 2026-04-02 | 8.4 High |
| BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. The issue has been fixed in v0.28.1. The vulnerability requires using an untrusted BuildKit frontend set with `#syntax` or `--build-arg BUILDKIT_SYNTAX`. Using these options with a well-known frontend image like `docker/dockerfile` is not affected. | ||||
| CVE-2026-33989 | 2 Mobile-next, Mobilenexthq | 2 Mobile-mcp, Mobile Mcp | 2026-04-02 | 8.1 High |
| Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The `saveTo` and `output` parameters were passed directly to filesystem operations without validation, allowing an attacker to write files outside the intended workspace. Version 0.0.49 fixes the issue. | ||||
| CVE-2026-33027 | 2 0xjacky, Nginxui | 2 Nginx-ui, Nginx Ui | 2026-04-02 | 6.5 Medium |
| Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and executes the operation on the base directory (/etc/nginx). In particular, this allows an authenticated user to remove the entire /etc/nginx directory, resulting in a partial Denial of Service. This issue has been patched in version 2.3.4. | ||||