755 matches found

CNNVD
added 2026/02/20 12:0 a.m. | 4 views

RustDesk Link Following Vulnerability

RustDesk is a remote access and control software developed by RustDesk personal developers. It is primarily written in Rust and can be used to maintain computers and other devices remotely. The RustDesk Client for Windows has a link following vulnerability, which stems from a symbolic link iss...

CVSS 5.5 | AI score 6.1 | EPSS 0.00014
Exploits 0 | References 2
Positive Technologies
added 2026/02/20 12:0 a.m. | 2 views

PT-2026-21002

This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...

CVSS 6.5 | AI score 5.7 | EPSS 0.0002
Exploits 0 | References 3
RedhatCVE
added 2026/02/14 7:22 p.m. | 4 views

CVE-2026-25964

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import permissions to read arbitrary files on the server. This...

CVSS 4.9 | AI score 5.8 | EPSS 0.00056
Exploits 2 | References 1
CVE
added 2026/02/14 3:25 a.m. | 11 views

CVE-2025-13681

CVE-2025-13681 affects the WordPress plugin BFG Tools – Extension Zipper (versions

CVSS 4.9 | AI score 5.7 | EPSS 0.00068
Exploits 0 | References 4
RedhatCVE
added 2026/02/13 1:30 a.m. | 3 views

CVE-2026-25062

Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the value of attachments.key from the imported JSON is passed directly to path.join(rootPath, node.key) and then read using fs.readFile without validation. By embedding path traversal...

CVSS 5.5 | AI score 5.8 | EPSS 0.00038
Exploits 1 | References 1
OSV
added 2026/02/11 1:15 p.m. | 0 views

CVE-2025-68406

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central...

CVSS 6.5 | AI score 5.8
Exploits 0 | References 1
Cvelist
added 2026/02/11 12:16 p.m. | 20 views

CVE-2025-58467 Qsync Central

A relative path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync...

CVSS 5.3 | EPSS 0.00078
Exploits 0 | References 1
CVE
added 2026/02/11 12:16 p.m. | 4 views

CVE-2025-58470

CVE-2025-58470 describes a path traversal vulnerability in Qsync Central. The issue allows an attacker who has an existing user account to exploit a path traversal flaw to read contents of unexpected files or system data. Affected product: Qsync Central. Root cause: improper validation of file pa...

CVSS 6.5 | AI score 5.5 | EPSS 0.00078
Exploits 0 | References 1 | Affected Software 1
Positive Technologies
added 2026/02/11 12:0 a.m. | 1 views

PT-2026-7565

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central...

CVSS 5.3 | AI score 5.5 | EPSS 0.00078
Exploits 0 | References 2
CNNVD
added 2026/02/11 12:0 a.m. | 2 views

QNAP Systems File Station Path Traversal Vulnerability

QNAP Systems File Station is an archiving tool under QTS from QNAP Systems. This application allows access to NAS files via a web interface. QNAP Systems File Station 6 has a path traversal vulnerability; this vulnerability stems from path traversal issues, which may allow remote attackers to rea...

CVSS 6.5 | AI score 5.8 | EPSS 0.00078
Exploits 0 | References 2
Positive Technologies
added 2026/02/05 12:0 a.m. | 3 views

PT-2026-6802

Name of the Vulnerable Software and Affected Versions: Sliver versions prior to 1.6.11. Description: Sliver is a command and control framework that utilizes a custom Wireguard netstack. A path traversal issue exists in the website content subsystem, allowing an authenticated operator to read arbitra...

CVSS 9.9 | AI score 5.8 | EPSS 0.00733
Exploits 44 | References 116
OSV
added 2026/01/30 11:16 p.m. | 1 views

CVE-2020-37041

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. For example, requesting...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 4
Ubuntu
added 2026/01/29 8:33 a.m. | 2 views

USN-7984-1: Pagure vulnerabilities

Thomas Chauchefoin discovered that Pagure incorrectly handled symbolic links in Git repositories. A remote attacker could possibly use this issue to cause Pagure to expose files outside the intended repository boundaries. CVE-2024-4981 Thomas Chauchefoin discovered that Pagure did not properly...

CVSS 9.8 | AI score 5.5 | EPSS 0.01959
Exploits 2
NVD
added 2026/01/27 4:16 p.m. | 3 views

CVE-2020-36939

Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache...

CVSS 8.7 | EPSS 0.58885
Exploits 0 | References 4
NVD
added 2026/01/24 3:16 a.m. | 2 views

CVE-2026-24469

C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method. This flaw allows an unauthenticated, remote attacker to read arbitrary files from the server's...

CVSS 7.5 | EPSS 0.00035
Exploits 0 | References 1
EUVD
added 2026/01/24 1:50 a.m. | 2 views

EUVD-2026-4601

C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method. This flaw allows an unauthenticated, remote attacker to read arbitrary files from the server's...

CVSS 7.5 | AI score 5.8 | EPSS 0.00035
Exploits 0 | References 1
ATTACKERKB
added 2026/01/22 12:0 a.m. | 1 views

CVE-2025-69612

A path traversal vulnerability exists in TMS Management Console version 6.3.7.27386.20250818 from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences ../ in the filePath parameter, allowing authenticated users to read...

CVSS 6.5 | AI score 5.5 | EPSS 0.00111
Exploits 1 | References 4
CVE
added 2026/01/22 12:0 a.m. | 5 views

CVE-2025-69612

A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The Download Template function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing authenticated users to read ...

CVSS 6.5 | AI score 5.7 | EPSS 0.00111
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2026/01/15 7:44 p.m. | 19 views

CVE-2026-23746 Entrust Instant Financial Issuance (IFI) SmartCardController Service .NET Remoting RCE

Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the SmartCardController service (DCG.SmartCardControllerService.exe). The service registers a TCP remoting...

CVSS 9.3 | EPSS 0.00411
Exploits 0 | References 3
Veracode
added 2026/01/12 10:13 a.m. | 2 views

Path Traversal

@vitejs/plugin-rs is vulnerable to Path Traversal. The vulnerability is due to missing input validation on the frindSourceMapURL development endpoint, where an unauthenticated attacker can supply a file:// URL in the filename parameter to read arbitrary files accessible to the Node.js process...

CVSS 7.5 | AI score 7 | EPSS 0.0118
Exploits 0 | References 3 | Affected Software 1