hsweb4 路径遍历漏洞

hsweb4 is an open-source full-responsive backend management framework based on Spring Boot 2. Versions of hsweb4 prior to 5.0.1 contained a path traversal vulnerability. This vulnerability stemmed from improper handling of the parameter filename in the file upload component’s code, located at...

PT-2026-47266

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

PT-2026-47549

Impact dulwich.porcelain.format patchoutdir=... derives each patch filename from the commit's subject line. Prior to this fix, get summary only replaced spaces with dashes - path separators /, , parent-directory components .., and other filename-hostile characters e.g. : were preserved verbatim a...

jshERP（华夏ERP） 路径遍历漏洞

jshERP Huaxia ERP is a domestic ERP system developed by Jishan Hua. Versions of jshERP 3.6 and earlier contained a path traversal vulnerability. This vulnerability stemmed from improper handling of the parameter fileName in the addAccountHeadAndDetail function of the...

VulnCheck KEV: CVE-2026-5027

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences '../'...

CVE-2026-2500

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...

p5-ack -- Multiple issues

Ack project reports: CVE-2026-49147: filename ANSI escape sequences CVE-2026-49146: project .ackrc -A -B -C memory exhaustion CVE-2026-49145: project .ackrc --follow / --files-from file exfiltration...

CVE-2026-2500 Quick Playground <= 1.3.4 - Authenticated (Administrator+) Arbitrary File Read via 'filename' Parameter

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...

CVE-2026-2500

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...

CVE-2026-2500 Quick Playground <= 1.3.4 - Authenticated (Administrator+) Arbitrary File Read via 'filename' Parameter

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...

CVE-2026-2500

The Quick Playground WordPress plugin vulnerability (

PT-2026-47126

Name of the Vulnerable Software and Affected Versions Quick Playground versions prior to 1.3.5 Description The Quick Playground plugin for WordPress contains a path traversal flaw. The qckply data function processes the filename POST parameter and passes it to file get contents without proper...

CVE-2026-11416

Summary: MoviePilot is affected by a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers. The local destination path is built by concatenating the configured download directory with a filename taken directly from remote cloud API metadata, without basename...

CVE-2026-11423

A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regular authenticated user can submit a collaboration message containing a crafted filename, which is...

CVE-2026-39817

The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...

CVE-2025-58024

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affects Accordion FAQ: from n/a through 2.2.1...

CVE-2026-46431

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server's Access-Control-Allow-Origin response header was hardcoded to the wildcard regardless of the caller's Origin. Because EventSource does not preflight and does not send cookies, the wildcard is sufficient ...

CVE-2026-4853

The JetBackup – Backup, Restore & Migrate plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary Directory Deletion in versions up to and including 3.1.19.8. This is due to insufficient input validation on the fileName parameter in the file upload handler. The plugin sanitizes...

CVE-2026-25789

Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malitcious JavaScript execution in the context of the...

CVE-2026-49103

Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi...