HP Printer Directory Traversal (CVE-2008-4419)

Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color...

PT-2026-36194

Name of the Vulnerable Software and Affected Versions IBM Langflow Desktop versions prior to 1.8.5 Description An issue allows a remote attacker to perform directory traversal on the system. By sending a specially crafted URL request containing "dot dot" sequences /../, an attacker can view...

PT-2026-36189

IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

i18next-http-middleware has path traversal / SSRF via user-controlled language and namespace parameters

Summary Versions of i18next-http-middleware prior to 3.9.3 pass the user-controlled lng and ns values from getResourcesHandler directly into i18next.services.backendConnector.loadlanguages, namespaces, … without any sanitisation. Depending on which backend is configured, the unvalidated path...

GHSA-JFGF-83C5-2C4M i18next-http-middleware has path traversal / SSRF via user-controlled language and namespace parameters

Summary Versions of i18next-http-middleware prior to 3.9.3 pass the user-controlled lng and ns values from getResourcesHandler directly into i18next.services.backendConnector.loadlanguages, namespaces, … without any sanitisation. Depending on which backend is configured, the unvalidated path...

Directory Traversal

Overview pygeoapi is a pygeoapi provides an API to geospatial data Affected versions of this package are vulnerable to Directory Traversal via the STAC FileSystemProvider process. An attacker can access sensitive directories and files by sending crafted requests containing directory traversal...

Admidio has Path Traversal via Unvalidated `name` Parameter in Document Add Mode that Enables Arbitrary Server File Read

Summary The add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF protection on this endpoint and SameSite=Lax session cookies, a...

Directory Traversal

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Directory Traversal via the name parameter in the add process. An attacker can access arbitrary files on the server by tricking a...

GHSA-M9H6-8PQM-XRHF Admidio has Path Traversal via Unvalidated `name` Parameter in Document Add Mode that Enables Arbitrary Server File Read

Summary The add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF protection on this endpoint and SameSite=Lax session cookies, a...

Directory Traversal

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Directory Traversal via the ecardpreview.php process. An attacker can access arbitrary files on the server, including sensitive...

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the webchat audio embedding process. An attacker can access and exfiltrate arbitrary local audio-like files readable by the gateway process by influencing the...

Directory Traversal

Overview mcpo-simple-server is a Python-based LLM server that implements the Model Context Protocol MCP Affected versions of this package are vulnerable to Directory Traversal via the deletesharedprompt function in the file src/mcposimpleserver/services/promptmanager/basemanager.py when processin...

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the mirror mode process. An attacker can delete arbitrary remote directories by manipulating the remoteWorkspaceDir and remoteAgentWorkspaceDir configuration value...

Exploit for CRLF Injection in Useplunk Plunk

CVE-2026-34975 — CRLF Email Header Injection in Plunk via raw...

CVE-2018-25311

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...

CVE-2018-25312

LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interface. Attackers can exploit the upload endpoint with directory traversal sequences to write files to...

CVE-2018-25311 VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...

CVE-2018-25311

VideoFlow Digital Video Protection DVP 2.10 is affected by an authenticated directory traversal vulnerability. An authenticated attacker can disclose arbitrary files by injecting path traversal sequences into the ID parameter when issuing requests to downloadsys.pl, download_xml.pl, download.pl, ...

EUVD-2018-21832

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows authenticated attackers to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl, downloadxml.pl,...

CVE-2018-25311 VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...