CVE-2026-36767

A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...

EUVD-2018-21833

LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interface. Attackers can exploit the upload endpoint with directory traversal sequences to write files to...

PT-2026-35935

Cockpit 2.13.5 and earlier is vulnerable to directory traversal via the Buckets component. This vulnerability allows authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite assets with malicious versions...

PT-2026-34328

A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the logs dir parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through improper validation of user-supplied paths in the prefixed function. An attacker can read or write arbitrary files, create directories, and enumerate files outside the intended root directory by sending...

PT-2026-33604

CVE-2026-40530, CVE-2026-4036, and others: Vulnerabilities in Synology DSM, up to 8.0 rating 🔥 Several vulnerabilities in Synology DiskStation Manager DSM allow remote authenticated attacker to read or write files, conduct denial-of-service attacks, and obtain information, including arbitrary...

PT-2026-33605

CVE-2026-40530, CVE-2026-4036, and others: Vulnerabilities in Synology DSM, up to 8.0 rating 🔥 Several vulnerabilities in Synology DiskStation Manager DSM allow remote authenticated attacker to read or write files, conduct denial-of-service attacks, and obtain information, including arbitrary...

EUVD-2026-22918

During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated...

EUVD-2026-21555

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user including students can write arbitrary content to files on the server via the BigUpload endpoint. The key parameter controls the filename and the raw POST body becomes the file content. While .php extensions are...

CVE-2026-23780

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...

CVE-2026-39981

AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safejoin function in the essentialabilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or...

CVE-2026-39981

CVE-2026-39981 affects AGiXT (dynamic AI Agent Automation Platform). The vulnerability is in the safe_join() function of the essential_abilities extension, where path validation fails and allows directory traversal to read, write, or delete arbitrary files on the server. This requires authenticat...

AGiXT 路径遍历漏洞

AGiXT is an AI automation platform developed by Josh XT, supporting multiple models and extended functions. Prior to AGiXT version 1.9.2, there was a path traversal vulnerability. This vulnerability stemmed from the safejoin function not verifying whether the file path was within the specified...

PT-2026-30930

OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository...

CVE-2026-34607

Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip function include/lib/common.php:793. When extracting ZIP archives plugin/template uploads, backup imports, the function calls $zip-extractTo$path without sanitizing Z...

Dassault Systèmes DELMIA Factory Resource Manager 安全漏洞

Dassault Systèmes DELMIA Factory Resource Manager is a manufacturing execution software developed by Dassault Systèmes, a French company, used for modeling factory resources and planning production processes. The Dassault Systèmes DELMIA Factory Resource Manager versions from 3DEXPERIENCE R2023x ...

CVE-2026-5027

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences '../'...

CVE-2026-4619

Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to wtite over any file via network...

CVE-2026-33329

FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler UploadModel::handleUpload is concatenated directly into filesystem paths without any sanitization. An authenticated...

EUVD-2026-16096

Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges...