
41 matches found

EUVD
added 2026/04/20 9:30 a.m. | 1 view

EUVD-2026-23799

ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system...

CVSS: 8.1 | AI score: 5.9 | EPSS: 0.00395
Exploits: 0 | References: 3
OSV
added 2026/03/26 8:33 p.m. | 1 view

GO-2026-4844 Zoraxy: Authenticated Path Traversal in Config Import leads to RCE in github.com/tobychui/zoraxy

Zoraxy: Authenticated Path Traversal in Config Import leads to RCE in github.com/tobychui/zoraxy...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00028
Exploits: 1 | References: 3
NVD
added 2026/03/26 8:16 p.m. | 3 views

CVE-2026-33529

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a...

CVSS: 8.8 | EPSS: 0.00028
Exploits: 1 | References: 3
ATTACKERKB
added 2026/03/26 7:26 p.m. | 2 views

CVE-2026-33529

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a...

CVSS: 3.3 | AI score: 5.9 | EPSS: 0.00028
Exploits: 1 | References: 4 | Affected Software: 1
CVE
added 2026/03/26 7:26 p.m. | 12 views

CVE-2026-33529

Zoraxy (github.com/tobychui/zoraxy) exposes an authenticated path traversal in the configuration import endpoint prior to version 3.3.2. The flaw allows writing arbitrary files outside the config directory, enabling potential remote code execution by creating a plugin. The issue is mitigated in v...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00028
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2026/03/26 7:26 p.m. | 21 views

CVE-2026-33529 Zoraxy: Authenticated Path Traversal in Config Import leads to RCE

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a...

CVSS: 3.3 | EPSS: 0.00028
Exploits: 1 | References: 3
Vulnrichment
added 2026/03/26 11:37 a.m. | 2 views

CVE-2025-41368 Multiple vulnerabilities in Small HTTP server by Smallsrv

Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server...

CVSS: 8.7 | AI score: 5.9 | EPSS: 0.00017
Exploits: 0 | References: 1
CNNVD
added 2026/03/26 12:0 a.m. | 3 views

Fireshare security vulnerability

Fireshare is a media hosting software developed by Shane Israel individually. Version 1.5.1 of Fireshare contains a security vulnerability, which stems from authenticated path traversal in the multipart upload endpoint, potentially allowing arbitrary file writing...

CVSS: 8.1 | AI score: 5.9 | EPSS: 0.00025
Exploits: 0 | References: 3
OSV
added 2026/03/25 8:4 p.m. | 0 views

GHSA-7PQ3-326H-F8Q9 Zoraxy: Authenticated Path Traversal in Config Import leads to RCE

Authenticated Path Traversal to RCE via Configuration Import Summary An authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a plugin. Details The...

CVSS: 3.3 | AI score: 6.2 | EPSS: 0.00028
Exploits: 1 | References: 5
Github Security Blog
added 2026/03/25 8:4 p.m. | 4 views

Zoraxy: Authenticated Path Traversal in Config Import leads to RCE

Authenticated Path Traversal to RCE via Configuration Import Summary An authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a plugin. Details The...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.00028
Exploits: 1 | References: 5 | Affected Software: 1
Positive Technologies
added 2026/03/25 12:0 a.m. | 4 views

PT-2026-28166

Name of the Vulnerable Software and Affected Versions Zoraxy versions prior to 3.3.2 Description Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A path traversal vulnerability exists in the configuration import endpoint /api/conf/import when handling zip file entries. An...

CVSS: 3.3 | AI score: 6.2 | EPSS: 0.00028
Exploits: 1 | References: 6
Patchstack
added 2026/02/26 7:8 a.m. | 6 views

WordPress Worry Proof Backup plugin <= 0.2.4 - Authenticated (Subscriber+) Path Traversal via Backup Upload vulnerability

Authenticated Subscriber+ Path Traversal via Backup Upload vulnerability discovered by WordFence in WordPress Plugin Worry Proof Backup versions <= 0.2.4...

CVSS: 8.8 | AI score: 5.3 | EPSS: 0.00144
Exploits: 1 | References: 1 | Affected Software: 1
Github Security Blog
added 2026/02/05 9:57 p.m. | 7 views

Sliver Vulnerable to Website Path Traversal / Arbitrary File Read (Authenticated)

Summary A Path Traversal vulnerability in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated Path Traversal / arbitrary file read issue, and it can expose credentials, configs, and keys. Affected Component - Websit...

CVSS: 6.5 | AI score: 5.6 | EPSS: 0.00021
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2025/12/10 8:47 p.m. | 3 views

CVE-2020-36883 SpinetiX Fusion Digital Signage 3.4.8 Authenticated Path Traversal via File Operations

SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers can exploit path traversal techniques in index.php to write backup files to...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.00888
Exploits: 1 | References: 5
Cvelist
added 2025/07/16 7:55 p.m. | 9 views

CVE-2025-53908 RomM vulnerable to Authenticated Path Traversal

RomM is a self-hosted rom manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability in the /api/raw endpoint. Anyone running the latest version of RomM and has multiple users, even unprivileged users, such as the kiosk user in the official...

CVSS: 8.3 | EPSS: 0.00359
Exploits: 0 | References: 4
Vulnrichment
added 2025/07/16 7:55 p.m. | 3 views

CVE-2025-53908 RomM vulnerable to Authenticated Path Traversal

RomM is a self-hosted rom manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability in the /api/raw endpoint. Anyone running the latest version of RomM and has multiple users, even unprivileged users, such as the kiosk user in the official...

CVSS: 8.3 | AI score: 6.7 | EPSS: 0.00359
Exploits: 0 | References: 4
Debian
added 2025/05/01 2:47 a.m. | 9 views

[SECURITY] [DLA 4149-1] nagvis security update

Debian LTS Advisory DLA-4149-1 https://www.debian.org/lts/security/ Daniel Leidert May 01, 2025 https://wiki.debian.org/LTS Package : nagvis Version : 1:1.9.25-2+deb11u1 CVE ID : CVE-2021-33178 CVE-2022-3979 CVE-2022-46945 CVE-2023-46287 CVE-2024-13722 CVE-2024-13723...

CVSS: 9.1 | AI score: 6.7 | EPSS: 0.0107
Exploits: 8
Exploit DB
added 2025/04/17 12:0 a.m. | 192 views

ABB Cylon Aspect 3.08.02 (ethernetUpdate.php) - Authenticated Path Traversal

Exploit Title: ABB Cylon Aspect 3.08.02 ethernetUpdate.php - Authenticated Path Traversal Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable...

AI score: 7.4
Exploits: 0
CVE
added 2025/03/31 4:38 p.m. | 95 views

CVE-2025-2292

Xorcom CompletePBX (pre-5.2.36) is affected by an authenticated path traversal in the Backup and Restore function, enabling arbitrary file reads. The issue exists in CompletePBX up to version 5.2.35. Public advisories and tooling (e.g., Metasploit module) reference an authenticated file-disclosur...

CVSS: 6.5 | AI score: 5.2 | EPSS: 0.52797
Exploits: 1 | References: 2 | Affected Software: 1
Tenable Nessus
added 2025/03/05 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2021-33178

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this...

CVSS: 8.5 | AI score: 6.3 | EPSS: 0.00776
Exploits: 0 | References: 2