Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (548 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-22888 1 Cybozu 1 Garoon 2026-04-18 7.5 High
Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product.
CVE-2026-25121 2 Chainguard, Chainguard-dev 2 Apko, Apko 2026-04-17 7.5 High
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package (e.g., via a compromised or typosquatted repository) could create directories or symlinks outside the intended installation root. The MkdirAll, Mkdir, and Symlink methods in pkg/apk/fs/rwosfs.go use filepath.Join() without validating that the resulting path stays within the base directory. This issue has been patched in version 1.1.1.
CVE-2026-25575 2 Tum, Tum-dev 2 Navigatum, Navigatum 2026-04-17 7.5 High
NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the propose_edits endpoint allows unauthenticated users to overwrite files in directories writable by the application user (e.g., /cdn). By supplying unsanitized file keys containing traversal sequences (e.g., ../../) in the JSON payload, an attacker can escape the intended temporary directory and replace public facing images or fill the server's storage. This issue has been patched via commit 86f34c7.
CVE-2026-25057 1 Markusproject 1 Markus 2026-04-17 9.1 Critical
MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration (courses/<:course_id>/assignments/upload_config_files). The uploaded zip file entry names are used to create paths to write files to disk without checking these paths. This vulnerability is fixed in 2.9.1.
CVE-2026-25951 1 Frangoteam 1 Fuxa 2026-04-17 7.2 High
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, there is a flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences (e.g., ....//), an attacker can write arbitrary files to the server filesystem, including sensitive directories like runtime/scripts. This leads to Remote Code Execution (RCE) when the server reloads the malicious scripts. This vulnerability is fixed in 1.2.11.
CVE-2026-26362 1 Dell 2 Powermax Os, Unisphere For Powermax 2026-04-17 8.1 High
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system files.
CVE-2026-27202 1 Getsimple-ce 1 Getsimple Cms 2026-04-17 7.5 High
GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication.
CVE-2026-29778 2 Pyload, Pyload-ng Project 2 Pyload, Pyload-ng 2026-04-17 7.1 High
pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package() function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be bypassed using crafted recursive traversal sequences. This issue has been patched in version 0.5.0b3.dev97.
CVE-2026-1762 1 Ge Vernova 1 Enervista 2026-04-16 2.9 Low
A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions.
CVE-2026-21620 1 Erlang 3 Erlang/otp, Erlang\/otp, Otp 2026-04-16 4.2 Medium
Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.erl. This issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0.
CVE-2026-1461 2 Wordpress, Wpinsider-1 2 Wordpress, Simple Membership 2026-04-15 6.5 Medium
The Simple Membership plugin for WordPress is vulnerable to Improper Handling of Missing Values in all versions up to, and including, 4.7.0 via the Stripe webhook handler. This is due to the plugin only validating webhook signatures when the stripe-webhook-signing-secret setting is configured, which is empty by default. This makes it possible for unauthenticated attackers to forge Stripe webhook events to manipulate membership subscriptions, including reactivating expired memberships without payment or canceling legitimate subscriptions, potentially leading to unauthorized access and service disruption.
CVE-2023-3940 2026-04-15 7.5 High
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any file on the system. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
CVE-2023-3941 2026-04-15 10 Critical
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
CVE-2025-27791 2026-04-15 N/A
Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to be written anywhere the uid running Collabora Online can write, if such a response was supplied by a malicious WOPI server. By combining this flaw with a Time of Check, Time of Use DNS lookup issue with a WOPI server address under attacker control, it is possible to present such a response to be processed by a Collabora Online instance. This issue has been patched in versions 24.04.13.1, 23.05.19, and 22.05.25.
CVE-2025-52207 2026-04-15 9.9 Critical
PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory.
CVE-2025-9639 2026-04-15 7.5 High
The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
CVE-2025-66386 1 Misp 1 Misp 2026-04-15 4.1 Medium
app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin.
CVE-2025-64714 1 Privatebin 1 Privatebin 2026-04-15 5.8 Medium
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, an unauthenticated Local File Inclusion exists in the template-switching feature. If `templateselection` is enabled in the configuration, the server trusts the `template` cookie and includes the referenced PHP file. An attacker can read sensitive data or, if they manage to drop a PHP file elsewhere, gain remote code execution. The constructed path of the template file is checked for existence, then included. For PrivateBin project files this does not leak any secrets due to data files being created with PHP code that prevents execution, but if a configuration file without that line got created or the visitor figures out the relative path to a PHP script that directly performs an action without appropriate privilege checking, those might execute or leak information. The issue has been patched in version 2.0.3. As a workaround, set `templateselection = false` (which is the default) in `cfg/conf.php` or remove it entirely
CVE-2025-62878 2026-04-15 9.9 Critical
A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.
CVE-2025-62498 1 Automationdirect 8 P1-540, P1-550, P2-550 and 5 more 2026-04-15 8.8 High
A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened.