CVE-2026-44716

Pipecat AI’s CVE-2026-44716 describes a path-traversal vulnerability in the Pipecat runner's GET /files/{filename:path} endpoint when started with --folder. The filename is joined to the base folder without containment checks, and percent-encoded slashes (e.g., ..%2F..%2F) bypass URL normalisatio...

CVE-2020-37219

Joomla comfabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjaxfiles method with path traversal sequences to enumerate files in system directories...

PT-2026-41390

Name of the Vulnerable Software and Affected Versions Pipecat versions 0.0.90 through 1.1.x Description A path traversal issue exists in the development runner within the src/pipecat/runner/run.py file. When the runner is started using the --folder flag, it enables a download endpoint 'GET...

EUVD-2020-31220

Joomla comfabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjaxfiles method with path traversal sequences to enumerate files in system directories...

Joomla com_fabrik 路径遍历漏洞

Joomla comfabrik is an extension developed by the Fabrik team, designed for building data forms, database applications, and business processes for Joomla websites. Version 3.9.11 of Joomla comfabrik contains a path traversal vulnerability. This vulnerability stems from directory traversal issues,...

PT-2026-40620

Joomla com fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjax files method with path traversal sequences to enumerate files in system directori...

CVE-2026-42315 pyLoad: Path Traversal via Package Folder Name in set_package_data

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the setpackagedata API function call inside the data object with key "folder", there is no sanitization at all, allowing a user with Perms.MODIFY to specify arbitrary...

Directory Traversal

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Directory Traversal via the setpackagedata function. An attacker can overwrite or create files in arbitrary directories by supplying crafted values to the...

COCO Annotator 路径遍历漏洞

COCO Annotator is a web-based image annotation tool developed by Justin Brooks. It aims to provide versatility and efficient image annotation. Versions of COCO Annotator 0.11.1 and earlier contained a path traversal vulnerability. This vulnerability stemmed from an unknown function in the Data...

EUVD-2025-209429

Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...

CVE-2025-70936

Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...

CVE-2025-70936

Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...

CVE-2025-70936

Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...

CVE-2025-70936

Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...

PT-2026-32520

Name of the Vulnerable Software and Affected Versions Vtiger CRM version 8.4.0 Description A reflected cross-site scripting XSS issue exists in the MailManager module, where XSS is a type of attack that injects malicious scripts into a trusted website. Improper handling of user-controlled input i...

CVE-2025-70936

Vtiger CRM 8.4.0 is affected by a reflected XSS in the MailManager module, caused by improper handling of user-controlled input in the _folder parameter. The payload is reflected and executed in an authenticated user session, using a double URL-encoded input. The available connected sources confi...

CVE-2018-18579

Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter...

EUVD-2025-34917

ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - 146 and earlier, the /adminarea/templateeditor.php endpoint is vulnerable to path traversal. The validation of the file-loading path is inadequate, allowing authenticated administrators to read and write arbitrary fil...

EUVD-2005-2036

Malware in sbrugna...

EUVD-2018-21590

Malware in sbrugna...