20838 matches found
Directory Traversal
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the waitForDownloadViaPlaywright and downloadViaPlaywright functions. An attacker can write files outside the intended temporary downloads directory by supplying a...
CVE-2026-2464
Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service. The service is...
CVE-2026-2464 Directory Traversal in AMR Printer Management by AMR
Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service. The service is...
CVE-2026-2464 Directory Traversal in AMR Printer Management by AMR
Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service. The service is...
CVE-2026-2464
The CVE describes a path traversal vulnerability in the AMR Printer Management 1.01 Beta web service that is accessible without authentication and runs with elevated privileges. An attacker can supply crafted path traversal sequences to the web management interface to read arbitrary files on the ...
CVE-2026-2426
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This make...
CVE-2026-2426
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This make...
CVE-2026-2426
The CVE concerns the WordPress WP-DownloadManager plugin, versions up to 1.69, where path traversal in the file deletion feature (via the file parameter) allows authenticated Administrators+ to delete arbitrary server files. This could lead to remote code execution if critical files like wp-confi...
CVE-2026-2426 WP-DownloadManager <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'file' Parameter
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This make...
CVE-2026-2426
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This make...
CVE-2026-2426 WP-DownloadManager <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'file' Parameter
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This make...
CVE-2026-2419
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'downloadpath' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences to bypass the...
CVE-2026-2419
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'downloadpath' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences to bypass the...
CVE-2026-2419
The CVE refers to WP-DownloadManager for WordPress (versions up to and including 1.69) being vulnerable to Path Traversal via the download_path setting. The vulnerability allows an authenticated attacker with Administrator-level access to configure the plugin to list or read arbitrary server file...
CVE-2026-2419 WP-DownloadManager <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'download_path' Parameter
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'downloadpath' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences to bypass the...
CVE-2026-2419 WP-DownloadManager <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'download_path' Parameter
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'downloadpath' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences to bypass the...
CVE-2026-2419
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'downloadpath' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences to bypass the...
Security Bulletin: Multiple Vulnerabilities in IBM StreamSets Data Collector
Summary Multiple vulnerabilities were addressed in IBM StreamSets Data Collector version 7.1.0 Vulnerability Details CVEID:CVE-2025-12194 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All API modules, Legion...
CVE-2025-59793
Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This...
Directory Traversal
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the handling of module paths in the gateway configuration. An attacker can execute arbitrary code by supplying a crafted module path to the configuration if they...