7213 matches found
CVE-2026-36762
An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations...
CVE-2026-36760
An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations while chunked upload is enabled...
CVE-2026-38993
A flaw was found in Cockpit. This vulnerability, identified as a directory traversal, allows authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite existing assets with malicious versions. The exploitation occurs via the Buckets component. This cou...
CVE-2026-36767
shopizer 3.2.5 is affected by a path traversal vulnerability in the /content/images/add endpoint that allows an attacker to write arbitrary files to any writable path via a crafted POST request. This is a high-impact issue (CVSS v3.1: 10.0, critical, network access, no authentication, user intera...
JeeSite 路径遍历漏洞
JeeSite is a Java rapid development platform open-sourced by Jinan Zhuoyuan thinkgem. Version JeeSite 5.15.1 contains a path traversal vulnerability, which stems from issues with the fileMd5 parameter in the /a/file/upload endpoint. This vulnerability could allow authenticated attackers with file...
JeeSite 路径遍历漏洞
JeeSite is a Java rapid development platform open-sourced by Zhuo Yuan thinkgem in Jinan, China. Version 5.15.1 of JeeSite contains a path traversal vulnerability. This vulnerability stems from an issue with the fileEntityId parameter in the /a/file/upload endpoint. It could allow authenticated...
EUVD-2026-26393
An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations while chunked upload is enabled...
EUVD-2026-26396
An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations...
Shopizer 路径遍历漏洞
Shopizer is an open-source e-commerce solution developed by the Shopizer team, based on Java. Version 3.2.5 of Shopizer contains a path traversal vulnerability. This vulnerability stems from the /content/images/add endpoint, where path traversal is possible, allowing attackers to write arbitrary...
CVE-2026-36760
An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations while chunked upload is enabled...
CVE-2026-36762
An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations...
CVE-2026-36767
A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...
NiceGUI 3.6.1 - Path Traversal
Exploit Title: NiceGUI 3.6.1 - Path Traversal Author: Mohammed Idrees Banyamer Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-06 Tested on: NiceGUI = 3.6.1 Python 3.8–3.12 on Linux/Windows CVE: CVE-2026-25732 Affected Versions: = 3.6.1 fixed in 3.7.0 Type: Remote...
Python-Multipart 0.0.22 - Path Traversal
Exploit Title: Python-Multipart 0.0.22 - Path Traversal Date: 2026-02-23 Exploit Author: cardosource Vendor Homepage: https://github.com/Kludex/python-multipart Software Link: https://pypi.org/project/python-multipart/ Version: 0.0.22 REQUIRED Tested on: Ubuntu / Python 3.13.5 / Docker as root fo...
EUVD-2026-26401
A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...
Directory Traversal
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the webchat audio embedding process. An attacker can access and exfiltrate arbitrary local audio-like files readable by the gateway process by influencing the...
CVE-2026-27105
Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...
CVE-2026-27105
Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...
EUVD-2026-26269
Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...
CVE-2026-27105
Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...