
51 matches found

NVD
added 2026/04/02 6:16 p.m., 3 views

CVE-2026-34523

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in the static file route handler allows any unauthenticate...

CVSS 5.3, EPSS 0.00449
Exploits 1, References 2

Positive Technologies
added 2026/04/01 12:0 a.m., 1 view

PT-2026-29661

Summary: A path traversal vulnerability in the static file route handler allows any unauthenticated user to determine whether files exist anywhere on the server's filesystem. By sending percent-encoded ../ sequences (%2E%2E%2F) in requests to static file routes, an attacker can check for the existen...

CVSS 5.3, AI score 5.9, EPSS 0.00449
Exploits 1, References 5

CVE
added 2026/03/10 4:44 p.m., 8 views

CVE-2026-30942

Flare (Next.js-based, self-hosted file sharing) contains an authenticated path traversal in /api/avatars/[filename] prior to version 1.7.3. The filename is passed to path.join() without sanitization and getFileStream() performs no path validation, allowing %2F-encoded ../ sequences to escape uplo...

CVSS 8.3, AI score 5.9, EPSS 0.00608
Exploits 1, References 3, Affected Software 1

Vulnrichment
added 2026/03/07 3:2 p.m., 3 views

CVE-2026-29185 @backstage/integration: Potential reading of SCM URLs using built in token

Backstage is an open framework for building developer portals. Prior to version 1.20.1, a vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that...

CVSS 2.7, AI score 5.7, EPSS 0.00348
Exploits 0, References 1

Vulnrichment
added 2025/12/18 7:53 p.m., 5 views

CVE-2023-53944 EasyPHP Webserver 14.1 Path Traversal via Directory Traversal Sequences

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read syst...

CVSS 7.1, AI score 6.5, EPSS 0.008
Exploits 1, References 3

Cvelist
added 2025/12/18 7:53 p.m., 25 views

CVE-2023-53944 EasyPHP Webserver 14.1 Path Traversal via Directory Traversal Sequences

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read syst...

CVSS 7.1, EPSS 0.008
Exploits 1, References 3

CVE
added 2025/12/18 7:53 p.m., 9 views

CVE-2023-53944

EasyPHP Webserver 14.1 is affected by a path traversal vulnerability (CVE-2023-53944) that allows remote low-privilege users to read files outside the document root by bypassing SecurityManager. The documented payload involves crafted GET requests with encoded directory traversal sequences such a...

CVSS 7.1, AI score 6.5, EPSS 0.008
Exploits 1, References 3, Affected Software 1

Positive Technologies
added 2025/12/18 12:0 a.m., 5 views

PT-2025-52323

Name of the Vulnerable Software and Affected Versions: EasyPHP Webserver version 14.1. Description: A path traversal flaw exists in EasyPHP Webserver that permits unauthenticated remote users with limited privileges to access files beyond the intended document root. This is achieved by circumventing...

CVSS 7.1, AI score 6.7, EPSS 0.008
Exploits 1, References 7

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2011-1669

Malware in sbrugna...

CVSS 5, AI score 6.3, EPSS 0.22157
Exploits 1, References 7

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2003-0469

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.01607
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2004-2455

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.0351
Exploits 1, References 8

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2006-5195

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.04109
Exploits 1, References 10

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2006-5035

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.01616
Exploits 1, References 5

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2006-3529

Malware in sbrugna...

CVSS 7.8, AI score 6.2, EPSS 0.02491
Exploits 1, References 8

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2007-0599

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.01501
Exploits 1, References 5

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2011-1714

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.0888
Exploits 1, References 12

Veracode
added 2024/01/21 3:44 a.m., 25 views

Path Traversal

kodi is vulnerable to Path Traversal. The vulnerability exists because user-provided input is not sanitized, so special character sequences such as encoded dot-dot-slash are allowed. This allows remote attackers to access and read arbitrary files on the system by exploiting encoded sequences in t...

CVSS 7.5, AI score 6.8, EPSS 0.7748
Exploits 5, References 6, Affected Software 1

Snyk
added 2023/09/23 7:21 p.m., 3 views

Directory Traversal

Overview: mongrel is a small, fast HTTP library and server that runs Rails, Camping, Nitro and Iowa apps. Affected versions of this package are vulnerable to Directory Traversal via the DirHandler function in lib/mongrel/handlers.rb. An attacker can read arbitrary files by sending an HTTP reques...

CVSS 6.5, AI score 7.7, EPSS 0.03003
Exploits 1, References 2

SUSE CVE
added 2023/02/15 6:12 a.m., 6 views

SUSE CVE-2007-1860

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and...

CVSS 5, AI score 7, EPSS 0.12924
Exploits 1, References 5

OSV
added 2022/05/01 6:44 p.m., 13 views

GHSA-M7R6-43V2-49VF Mongrel vulnerable to directory traversal via double-encoded sequences

Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 (1.0.3 and prior are not affected) and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences .%252e...

CVSS 6.4, AI score 6.1, EPSS 0.03003
Exploits 1, References 5