ReportizFlow
Filtered by vendor
Subscriptions
Total
8894 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0655 | 1 Tp-link | 2 Deco Be25, Deco Be25 Firmware | 2026-04-16 | 8.0 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 (web modules) allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822. | ||||
| CVE-2026-34619 | 1 Adobe | 1 Coldfusion | 2026-04-16 | 7.7 High |
| ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-2606 | 1 Ibm | 2 Webmethods Api Gateway, Webmethods Api Gateway On Prem | 2026-04-16 | 6.5 Medium |
| IBM webMethods API Gateway (on-prem) 10.11 through 10.11_Fix3210.15 to 10.15_Fix2711.1 to 11.1_Fix7 IBM webMethods API Management (on-prem) fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI schema instead of the expected https:// schema, enabling unauthorized arbitrary file read access on the underlying server file system. | ||||
| CVE-2026-24848 | 2 Open-emr, Openemr | 2 Openemr, Openemr | 2026-04-16 | 9.9 Critical |
| OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument() method in EtherFaxActions.php allows authenticated users to write arbitrary content to arbitrary locations on the server filesystem. This vulnerability can be exploited to achieve Remote Code Execution (RCE) by uploading malicious PHP web shells. | ||||
| CVE-2026-28769 | 2 Datacast, International Datacasting Corporation (idc) | 3 Sfx2100, Sfx2100 Firmware, Sfx Series Superflex Satellite Receiver Web Management Interface | 2026-04-16 | 6.5 Medium |
| A path traversal vulnerability exists in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the `file` parameter to traverse directories and enumerate arbitrary files on the underlying filesystem. Due to the insecure perl file path handling function in use, a authenticated actor is able to preform directory traversal, with the backup endpoint confirming a file exists by indicating that a backup operation was successful or when using the path of a non existent file, the returned status is failed. | ||||
| CVE-2026-27442 | 1 Seppmail | 2 Seppmail, Seppmail Secure Email Gateway | 2026-04-16 | 7.5 High |
| The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gateway. | ||||
| CVE-2026-32771 | 2 Ctfer, Ctfer-io | 2 Monitoring, Monitoring | 2026-04-16 | 9.8 Critical |
| The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go (lines 248–254) is vulnerable to Path Traversal due to a missing trailing path separator in the strings.HasPrefix check. The extractor allows arbitrary file writes (e.g., overwriting shell configs, SSH keys, kubeconfig, or crontabs), enabling RCE and persistent backdoors. The attack surface is further amplified by the default ReadWriteMany PVC access mode, which lets any pod in the cluster inject a malicious payload. This issue has been fixed in version 0.2.2. | ||||
| CVE-2026-2743 | 1 Seppmail | 1 Seppmail | 2026-04-16 | 9.8 Critical |
| Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before | ||||
| CVE-2026-28538 | 1 Huawei | 1 Harmonyos | 2026-04-16 | 5.9 Medium |
| Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-24457 | 1 Eclipse | 1 Openmq | 2026-04-16 | 9.1 Critical |
| An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In some scenarios RCE could be achieved. | ||||
| CVE-2026-28447 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 8.1 High |
| OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files outside the intended installation directory when victims run the plugins install command. | ||||
| CVE-2026-28457 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 6.1 Medium |
| OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring (must be enabled) that uses the skill frontmatter name parameter unsanitized when copying skills into the sandbox workspace. Attackers who provide a crafted skill package with traversal sequences like ../ or absolute paths in the name field can write files outside the sandbox workspace root directory. | ||||
| CVE-2026-28462 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 7.5 High |
| OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for trace and download files without consistently constraining writes to temporary directories. Attackers with API access can exploit path traversal in POST /trace/stop, POST /wait/download, and POST /download endpoints to write files outside intended temp roots. | ||||
| CVE-2026-28486 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 6.1 Medium |
| OpenClaw versions 2026.1.16-2 prior to 2026.2.14 contain a path traversal vulnerability in archive extraction during installation commands that allows arbitrary file writes outside the intended directory. Attackers can craft malicious archives that, when extracted via skills install, hooks install, plugins install, or signal install commands, write files to arbitrary locations enabling persistence or code execution. | ||||
| CVE-2026-28676 | 1 Opensift | 1 Opensift | 2026-04-16 | 8.8 High |
| OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file read/write/delete flows if malicious path-like values were introduced. This issue has been patched in version 1.6.3-alpha. | ||||
| CVE-2026-28679 | 2 Home-gallery, Xemle | 2 Homegallery, Home-gallery | 2026-04-16 | 8.6 High |
| Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Prior to version 1.21.0, when a user requests a download, the application does not verify whether the requested file is located within the media source directory, which can result in sensitive system files being downloadable as well. This issue has been patched in version 1.21.0. | ||||
| CVE-2026-28795 | 1 Zhongyu09 | 1 Openchatbi | 2026-04-16 | 9.8 Critical |
| OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the file_format parameter. This issue has been patched in version 0.2.2. | ||||
| CVE-2026-29064 | 2 Lfprojects, Zarf-dev | 2 Zarf, Zarf | 2026-04-16 | 8.2 High |
| Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or write on the system processing the package. This issue has been patched in version 0.73.1. | ||||
| CVE-2026-29790 | 2 Dbt-labs, Getdbt | 2 Dbt-common, Dbt-common | 2026-04-16 | 5.3 Medium |
| dbt-common is the shared common utilities for dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.37.3, a path traversal vulnerability exists in dbt-common's safe_extract() function used when extracting tarball archives. The function uses os.path.commonprefix() to validate that extracted files remain within the intended destination directory. However, commonprefix() compares paths character-by-character rather than by path components, allowing a malicious tarball to write files to sibling directories with matching name prefixes. This issue has been patched in versions 1.34.2 and 1.37.3. | ||||
| CVE-2026-29190 | 1 Aiven | 1 Karapace | 2026-04-16 | 4.1 Medium |
| Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader (backup/backends/v3/backend.py). If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation to perform arbitrary file read on the system where Karapace is running. The issue affects deployments that use the backup/restore functionality and process backups from untrusted sources. The impact depends on the file system permissions of the Karapace process. This issue has been patched in version 6.0.0. | ||||