
1091 matches found

CVE
added 2026/05/29 10:51 a.m., 17 views

CVE-2025-41271

Nozomi Networks Labs identifies a CWE-23 Relative Path Traversal affecting Waterfall WF-500 TX and RX Hosts (version 7.9.1.0 R2502171040) via the Console WebUI. An unauthenticated remote attacker could read arbitrary files on the device through this vulnerability. The provided documents do not sp...

CVSS 8.7, AI score 6, EPSS 0.00434
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2026/05/29 10:51 a.m., 9 views

CVE-2025-41271

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device...

CVSS 8.7, AI score 6, EPSS 0.00434
Exploits 0, References 1
Cvelist
added 2026/05/29 10:51 a.m., 34 views

CVE-2025-41271

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device...

CVSS 8.7, EPSS 0.00434
Exploits 0, References 1
ATTACKERKB
added 2026/05/29 10:51 a.m., 8 views

CVE-2025-41271

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device...

CVSS 8.7, AI score 6, EPSS 0.00434
Exploits 0, References 2
Cvelist
added 2026/05/29 10:49 a.m., 33 views

CVE-2025-41268

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines...

CVSS 8.8, EPSS 0.00437
Exploits 0, References 1
ATTACKERKB
added 2026/05/29 10:49 a.m., 9 views

CVE-2025-41268

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines...

CVSS 8.8, AI score 6, EPSS 0.00437
Exploits 0, References 2
EUVD
added 2026/05/29 10:49 a.m., 10 views

EUVD-2025-209988

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines...

CVSS 8.8, AI score 6, EPSS 0.00437
Exploits 0, References 1
Positive Technologies
added 2026/05/29 12:0 a.m., 12 views

PT-2026-44838

DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files...

CVSS 6.9, AI score 5.9, EPSS 0.00347
Exploits 0, References 3
CNNVD
added 2026/05/29 12:0 a.m., 9 views

Interinfo DreamMaker Security Vulnerability

Interinfo DreamMaker is an application developed by Interinfo Corporation in China. Interinfo DreamMaker has a security vulnerability, which stems from relative path traversal. This vulnerability could allow unauthenticated local attackers to download arbitrary system files...

CVSS 8.7, AI score 5.9, EPSS 0.00353
Exploits 0, References 2
Positive Technologies
added 2026/05/29 12:0 a.m., 11 views

PT-2026-44818

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal Zip Slip in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled...

CVSS 7.5, AI score 6, EPSS 0.00146
Exploits 0, References 2
Positive Technologies
added 2026/05/29 12:0 a.m., 12 views

PT-2026-44837

DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files...

CVSS 8.7, AI score 5.9, EPSS 0.00353
Exploits 0, References 3
CNNVD
added 2026/05/29 12:0 a.m., 12 views

Interinfo DreamMaker Security Vulnerability

Interinfo DreamMaker is an application developed by Interinfo Corporation in China. Interinfo DreamMaker has a security vulnerability, which stems from relative path traversal. This vulnerability could allow privileged local attackers to download arbitrary system files...

CVSS 6.9, AI score 5.9, EPSS 0.00347
Exploits 0, References 2
OSV
added 2026/05/28 5:37 p.m., 8 views

GHSA-MJ4X-VF5C-5XG8 compliance-trestle Profile Import has an Arbitrary File Read via trestle:// URI and Relative Path Traversal

Summary The compliance-trestle library's profile import mechanism resolves trestle:// URIs and relative file paths by joining them with trestleroot and calling .resolve, but performs no boundary check to ensure the resolved path stays within the trestle workspace. An attacker can craft a maliciou...

CVSS 6.9, AI score 5.9, EPSS 0.00061
Exploits 0, References 4
Github Security Blog
added 2026/05/28 5:37 p.m., 18 views

compliance-trestle Profile Import has an Arbitrary File Read via trestle:// URI and Relative Path Traversal

Summary The compliance-trestle library's profile import mechanism resolves trestle:// URIs and relative file paths by joining them with trestleroot and calling .resolve, but performs no boundary check to ensure the resolved path stays within the trestle workspace. An attacker can craft a maliciou...

AI score 5.9, EPSS 0.00061
Exploits 0, References 4, Affected Software 1
Snyk
added 2026/05/28 12:38 p.m., 9 views

Relative Path Traversal

Overview org.apache.ignite:ignite-core is a memory-centric distributed database, caching, and processing platform for transactional, analytical, and streaming workloads delivering in-memory speeds at petabyte scale. Affected versions of this package are vulnerable to Relative Path Traversal via t...

CVSS 8.5, AI score 5.9, EPSS 0.00526
Exploits 0, References 2
NVD
added 2026/05/28 10:16 a.m., 10 views

CVE-2025-48977

Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version...

CVSS 8.5, EPSS 0.00526
Exploits 0, References 2
CVE
added 2026/05/25 2:15 p.m., 18 views

CVE-2018-25365

PCViewer VT1000 is affected by a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests (e.g., ../../../../../../../../../../../../etc/passwd). The root cause is a failure to validate or sanitize path t...

CVSS 8.7, AI score 5.9, EPSS 0.00785
Exploits 0, References 3
Snyk
added 2026/05/20 9:45 p.m., 11 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the resource parameter in the ssx and jsx endpoints when a leading slash is used. An attacker can access sensitive configuration files by crafting a URL that traverses directories. Note: This issue is due to...

CVSS 9.8, AI score 5.8, EPSS 0.19538
Exploits 0, References 2
IBM Security Bulletins
added 2026/05/18 6:37 a.m., 13 views

Security Bulletin: Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp

Summary Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...

CVSS 2.3, AI score 5.8, EPSS 0.00461
Exploits 0, Affected Software 1
Positive Technologies
added 2026/05/15 12:0 a.m., 12 views

PT-2026-41321

Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...

CVSS 7, AI score 6.2, EPSS 0.0013
Exploits 0, References 2