ReportizFlow
Filtered by vendor
Subscriptions
Total
8402 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15449 | 1 Cld378632668 | 1 Javamall | 2026-03-08 | 5.4 Medium |
| A vulnerability was determined in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. Affected is the function delete of the file src/main/java/com/macro/mall/controller/MinioController.java. This manipulation of the argument objectName causes path traversal. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-0655 | 1 Tp-link | 2 Deco Be25, Deco Be25 Firmware | 2026-03-06 | 8.0 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 (web modules) allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822. | ||||
| CVE-2026-28406 | 2 Chainguard, Chainguard-forks | 2 Kaniko, Kaniko | 2026-03-06 | 8.2 High |
| kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using `filepath.Join(dest, cleanedName)` without enforcing that the final path stays within `dest`. A tar entry like `../outside.txt` escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, this can be chained with docker credential helpers to achieve code execution within the executor process. Version 1.25.10 uses securejoin for path resolution in tar extraction. | ||||
| CVE-2025-36597 | 2 Dell, Emc | 3 Avamar Server, Powerprotect Dp Series Appliance (idpa), Avamar Virtual Edition | 2026-03-06 | 4.7 Medium |
| Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2026-21659 | 1 Johnsoncontrols | 2 Frick Controls Quantum Hd, Frick Controls Quantum Hd Firmware | 2026-03-06 | 9.8 Critical |
| Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to execute arbitrary code on the affected device, leading to full system compromise. This issue affects Frick Controls Quantum HD: Frick Controls Quantum HD version 10.22 and prior. | ||||
| CVE-2025-70231 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-03-06 | 9.8 Critical |
| D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting in a path traversal vulnerability. | ||||
| CVE-2026-22762 | 1 Dell | 3 Avamar Server, Avamar Virtual Edition, Powerprotect Dp Series Appliance (idpa) | 2026-03-06 | 6.5 Medium |
| Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary file delete. | ||||
| CVE-2025-69411 | 2 Robert Seyfriedsberger, Wordpress | 2 Ioncube Tester Plus, Wordpress | 2026-03-06 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Robert Seyfriedsberger ionCube tester plus ioncube-tester-plus allows Path Traversal.This issue affects ionCube tester plus: from n/a through <= 1.3. | ||||
| CVE-2026-28078 | 2 Stylemixthemes, Wordpress | 2 Ulisting, Wordpress | 2026-03-06 | 4.9 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Stylemix uListing ulisting allows Path Traversal.This issue affects uListing: from n/a through <= 2.2.0. | ||||
| CVE-2026-28538 | 1 Huawei | 1 Harmonyos | 2026-03-06 | 5.9 Medium |
| Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-48636 | 1 Google | 1 Android | 2026-03-06 | 8.4 High |
| In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48567 | 1 Google | 1 Android | 2026-03-06 | 7.8 High |
| In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2026-2606 | 1 Ibm | 2 Webmethods Api Gateway, Webmethods Api Gateway On Prem | 2026-03-05 | 6.5 Medium |
| IBM webMethods API Gateway (on-prem) 10.11 through 10.11_Fix3210.15 to 10.15_Fix2711.1 to 11.1_Fix7 IBM webMethods API Management (on-prem) fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI schema instead of the expected https:// schema, enabling unauthorized arbitrary file read access on the underlying server file system. | ||||
| CVE-2025-69194 | 1 Gnu | 2 Wget, Wget2 | 2026-03-05 | 8.8 High |
| A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially allow further compromise of the user’s environment. | ||||
| CVE-2026-28427 | 1 Nekename | 1 Opendeck | 2026-03-05 | N/A |
| OpenDeck is Linux software for your Elgato Stream Deck. Prior to 2.8.1, the service listening on port 57118 serves static files for installed plugins but does not properly sanitize path components. By including ../ sequences in the request path, an attacker can traverse outside the intended directory and read any file OpenDeck can access. This vulnerability is fixed in 2.8.1. | ||||
| CVE-2026-0847 | 1 Nltk | 1 Nltk | 2026-03-05 | 7.5 High |
| A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling attackers to traverse directories and access sensitive files on the server. This issue is particularly critical in scenarios where user-controlled file inputs are processed, such as in machine learning APIs, chatbots, or NLP pipelines. Exploitation of this vulnerability can lead to unauthorized access to sensitive files, including system files, SSH private keys, and API tokens, and may potentially escalate to remote code execution when combined with other vulnerabilities. | ||||
| CVE-2026-26228 | 1 Videolan | 2 Vlc, Vlc For Android | 2026-03-05 | 4.9 Medium |
| VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalization or directory containment checks, allowing an authenticated attacker with network reachability to the Remote Access Server to request files outside the intended directory. The impact is bounded by the Android application sandbox and storage restrictions, typically limiting exposure to app-internal and app-specific external storage. | ||||
| CVE-2026-26984 | 2 Aces, Mcgill | 2 Loris, Loris | 2026-03-05 | 8.8 High |
| LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with sufficient privileges can exploit a path traversal vulnerability to upload a malicious file to an arbitrary location on the server. Once uploaded, the file can be used to achieve remote code execution (RCE). An attacker must be authenticated and have the appropriate permissions to exploit this issue. If the server is configured as read-only, remote code execution (RCE) is not possible; however, the malicious file upload may still be achievable. This problem is fixed in LORIS v26.0.5 and above, v27.0.2 and above, and v28.0.0 and above. As a workaround, LORIS administrators can disable the media module if it is not being used. | ||||
| CVE-2026-26985 | 2 Aces, Mcgill | 2 Loris, Loris | 2026-03-05 | 8.1 High |
| LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Starting in version 24.0.0 and prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with the appropriate authorization can read configuration files on the server by exploiting a path traversal vulnerability. Some of these files contain hard-coded credentials. The vulnerability allows an attacker to read configuration files containing hard-coded credentials. The attacker could then authenticate to the database or other services if those credentials are reused. The attacker must be authenticated and have the required permissions. However, the vulnerability is easy to exploit and the application source code is public. This problem is fixed in LORIS v26.0.5 and v27.0.2 and above, and v28.0.0 and above. As a workaround, the electrophysiogy_browser in LORIS can be disabled by an administrator using the module manager. | ||||
| CVE-2026-27819 | 2 Go-vikunja, Vikunja | 2 Vikunja, Vikunja | 2026-03-05 | 7.2 High |
| Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the restoreConfig function in vikunja/pkg/modules/dump/restore.go of the go-vikunja/vikunja repository fails to sanitize file paths within the provided ZIP archive. A maliciously crafted ZIP can bypass the intended extraction directory to overwrite arbitrary files on the host system. Additionally, we’ve discovered that a malformed archive triggers a runtime panic, crashing the process immediately after the database has been wiped permanently. The application trusts the metadata in the ZIP archive. It uses the Name attribute of the zip.File struct directly in os.OpenFile calls without validation, allowing files to be written outside the intended directory. The restoration logic assumes a specific directory structure within the ZIP. When provided with a "minimalist" malicious ZIP, the application fails to validate the length of slices derived from the archive contents. Specifically, at line 154, the code attempts to access an index of len(ms)-2 on an insufficiently populated slice, triggering a panic. Version 2.0.0 fixes the issue. | ||||