
11239 matches found

Snyk
added 2026/02/01 6:36 a.m., 2 views

Directory Traversal

Overview: omni-cortex is a Give Claude Code a perfect memory - auto-logs everything, searches smartly, and gets smarter over time. Affected versions of this package are vulnerable to Directory Traversal. File operations fail to validate file path parameters against directory traversal sequences,...

CVSS 6.9, AI score 6.5
Exploits 0, References 3
GithubExploit
added 2026/02/01 2:6 a.m., 1278 views

Exploit for Path Traversal in Tuzitio Camaleon_Cms

CVE-2024-46987 - Camaleon CMS Authenticated Arbitrary File Rea...

CVSS 7.7, AI score 5.8, EPSS 0.1456
Exploits 11
GithubExploit
added 2026/02/01 2:0 a.m., 326 views

FnOS-exploit

FnOS Path Traversal Vulnerability Exploitation Random File Re...

AI score 6
Exploits 0
CNNVD
added 2026/02/01 12:0 a.m., 6 views

Pironman Dashboard security vulnerability

Pironman Dashboard is a console interface open-sourced by SunFounder. Versions of Pironman Dashboard prior to 1.3.13 have security vulnerabilities; these vulnerabilities stem from path traversal in the log file API endpoints, which could lead to arbitrary file reading and deletion...

CVSS 9.3, AI score 7.4, EPSS 0.00602
Exploits 0, References 6
Vulnrichment
added 2026/01/31 11:46 p.m., 3 views

CVE-2026-25069 SunFounder Pironman Dashboard <= 1.3.13 Path Traversal Arbitrary File Read/Deletion

SunFounder Pironman Dashboard pmdashboard version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files. Successful exploitation can...

CVSS 9.3, AI score 5.6, EPSS 0.00602
Exploits 0, References 5
Cvelist
added 2026/01/31 11:46 p.m., 37 views

CVE-2026-25069 SunFounder Pironman Dashboard <= 1.3.13 Path Traversal Arbitrary File Read/Deletion

SunFounder Pironman Dashboard pmdashboard version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files. Successful exploitation can...

CVSS 9.3, EPSS 0.00602
Exploits 0, References 5
EUVD
added 2026/01/31 12:30 a.m., 5 views

EUVD-2020-30937

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences e.g., '../' in the URL. For example, requesting...

CVSS 7.5, AI score 6, EPSS 0.0098
Exploits 1, References 5
OSV
added 2026/01/30 11:16 p.m., 5 views

PYSEC-2026-114

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences e.g., '../' in the URL. For example, requesting...

CVSS 7.5, AI score 6, EPSS 0.0098
Exploits 1, References 4
GithubExploit
added 2026/01/30 10:38 p.m., 198 views

Exploit for Improper Input Validation in N8N

CVE-2026-21858 + CVE-2025-68613 - n8n Full Chain Unauthenti...

CVSS 10, AI score 6, EPSS 0.97875
Exploits 41
Vulnrichment
added 2026/01/30 10:7 p.m., 2 views

CVE-2020-37041 OpenCTI 3.3.1 - Directory Traversal

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences e.g., '../' in the URL. For example, requesting...

CVSS 7.5, AI score 5.6, EPSS 0.0098
Exploits 1, References 4
CNNVD
added 2026/01/30 12:0 a.m., 5 views

OpenCTI path traversal vulnerability

OpenCTI is an open-source network threat intelligence platform developed by OpenCTI. Version 3.3.1 of OpenCTI contains a path traversal vulnerability. This vulnerability stems from directory traversal in static/css endpoints, which may allow unverified attackers to read arbitrary files...

CVSS 7.5, AI score 7.4, EPSS 0.0098
Exploits 1, References 4
Positive Technologies
added 2026/01/30 12:0 a.m., 7 views

PT-2026-5481

Name of the Vulnerable Software and Affected Versions: OpenCTI version 3.3.1. Description: OpenCTI version 3.3.1 is susceptible to a directory traversal issue through the static/css endpoint. An unauthenticated attacker can access arbitrary files on the filesystem by submitting specially crafted GET...

CVSS 7.5, AI score 5.5, EPSS 0.0098
Exploits 1, References 8
CNVD
added 2026/01/30 12:0 a.m., 3 views

MedDream PACS Premium Arbitrary File Read Vulnerability

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. An arbitrary file read vulnerability exists in MedDream PACS Premium, which can be exploited by an attacker to cause arbitrary files to be read...

CVSS 9.6, AI score 5.8, EPSS 0.00436
Exploits 1, References 1
Packet Storm
added 2026/01/30 12:0 a.m., 272 views

n8n 2.0.0-rc.4 Remote Command Execution

n8n version 2.0.0-rc.4 PHP port of a research exploit that chains together multiple vulnerabilities including arbitrary file read and sandbox escape in order to achieve remote command execution...

CVSS 10, AI score 6, EPSS 0.97875
Exploits 40
Cvelist
added 2026/01/29 7:57 p.m., 22 views

CVE-2026-24687 Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice user to enumerate and traverse paths/files on the system's filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...

CVSS 6, EPSS 0.0042
Exploits 0, References 1
RedhatCVE
added 2026/01/29 9:24 a.m., 7 views

CVE-2025-14610

The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be fetched when importing CSV data from a URL in the Data Table widget. This makes it possible for...

CVSS 7.2, AI score 5.9, EPSS 0.00284
Exploits 0, References 1
OSV
added 2026/01/28 11:0 p.m., 4 views

GHSA-F72R-2H5J-7639 SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal

File Read Interface Case Bypass Vulnerability. Vulnerability Name: File Read Interface Case Bypass Vulnerability. Overview: The /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can...

CVSS 8.7, AI score 5.6, EPSS 0.00505
Exploits 1, References 5
OSV
added 2026/01/28 6:16 p.m., 3 views

CVE-2020-36944

ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to...

CVSS 3.3, AI score 5.5
Exploits 0, References 4
CVE
added 2026/01/28 5:35 p.m., 11 views

CVE-2020-36970

CVE-2020-36970 affects PMB 5.6, with a local file disclosure vulnerability in getgif.php triggered by unsanitized input of the chemin parameter. Attackers can read arbitrary system files (e.g., /etc/passwd) by crafting requests to getgif.php, leading to high impact on confidentiality. The provide...

CVSS 8.4, AI score 6, EPSS 0.00271
Exploits 0, References 4
Cvelist
added 2026/01/28 5:35 p.m., 29 views

CVE-2020-36944 ILIAS Learning Management System 4.3 - SSRF

ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to...

CVSS 6.9, EPSS 0.00186
Exploits 1, References 4