PT-2026-50823
Affected software: armeria-xds versions 1.38.0 through 1.39.0. Description: DataSourceStream in the xDS module resolves filename and environment variable fields from SDS Secret resources without an allow-list or base-directory confinement. This allows a compromise...
Palo Alto Networks Cortex XSOAR 8.10.x < 8.13.0.11 Path Traversal
According to its self-reported version, the Palo Alto Networks Cortex XSOAR application installed on the remote Linux host is affected by a path traversal vulnerability: - A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated...
Siemens RUGGEDCOM RST2428P External Control of File Name or Path (CVE-2026-26157)
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that, when extracted under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentiall...
CVE-2026-12568 Arbitrary File Write in postman_download module
The postman_download module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory, allowing an attacker...
EUVD-2026-37797
Typemill before 2.24.0 contains a path traversal vulnerability that allows authenticated attackers with Author-level privileges to read arbitrary files outside the content directory by supplying traversal sequences in the path query parameter passed to Storage::getFile with an empty folder...
CVE-2026-49133
Typemill before 2.24.0 has a path traversal vulnerability in Storage::getFile() that lets authenticated users with Author privileges read files outside the content directory by passing traversal sequences in the path query parameter with an empty folder argument. This can bypass traversal-prevent...
CVE-2026-11407
PIMCORE CMS/DXP 12.3.8 contains a sandbox bypass in the Twig SecurityPolicy (checkMethodAllowed and checkPropertyAllowed). Authenticated administrative attackers can craft malicious Twig templates via DataObject ClassDefinition Layout\Text to execute arbitrary PHP object methods, perform file rea...
EUVD-2026-37715
Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions...
EUVD-2026-37647
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions...
EUVD-2026-37627
Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions...
EUVD-2026-37598
Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions...
EUVD-2026-37593
CP Client Arbitrary File Download in Client Portal Pro <= 5.6.2 versions...
EUVD-2026-37600
Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions...
EUVD-2026-37601
Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions...
EUVD-2026-37599
Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions...
EUVD-2026-37587
Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions...
EUVD-2026-37667
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions...
EUVD-2026-37668
Contributor Arbitrary File Upload in Unlimited Elements for Elementor Premium <= 2.0.6 versions...
EUVD-2026-37669
Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions...