16689 matches found
EUVD-2026-45282
IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to read arbitrary files including the JWT signing key and forge authentication tokens for any user...
CVE-2026-15343
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker who had code execution inside the Dependabot updater container to write files to arbitrary repository paths, including GitHub Actions workflow files under .github/workflows/ as the path validation d...
Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion
Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. encoded dot dot or an absolute pathname in the nextfile parameter. id: CVE-2009-1558 info: name: Cisco Linksys WVC54GCA 1.00R22/1.00R...
WordPress DZS Zoomsounds <=6.50 - Local File Inclusion
WordPress Zoomsounds plugin 6.45 and earlier allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the dzsapdownload action using directory traversal in the link parameter. id: CVE-2021-39316 info: name: WordPress DZS Zoomsounds =6.51 to fix t...
Suprema BioStar <2.8.2 - Local File Inclusion
Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion. id: CVE-2020-15050 info: name: Suprema BioStar 2.8.2 - Local File Inclusion author: gy741 severity: high description: Suprema BioStar before 2.8.2 Video Extensio...
GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability.
Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. id: CVE-2021-43778 info: name: GLPI plugin Barcode 2.6.1 - Path Traversal Vulnerability. author:...
Koha 3.20.1 - Directory Traversal
Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f dot dot encoded slash in the templatepath parameter to 1 svc/virtualshelves/search or 2 svc/members/search. id: CVE-2015-4632 info: name:...
CVE-2026-55629
CVE-2026-55629 affects Whistle (HTTP/HTTP2/HTTPS/WebSocket proxy). Before 2.10.3, the code path in lib/service/service.js for GET /cgi-bin/temp/get uses req.query.filename and joins it to TEMP_FILES_PATH only if it matches the temp-file pattern; otherwise it passes the user-supplied filename to g...
CVE-2026-55629 Whistle: Path traversal
Whistle is an HTTP, HTTP2, HTTPS, and WebSocket debugging proxy. Prior to 2.10.3, lib/service/service.js handles GET /cgi-bin/temp/get by reading req.query.filename, joining it to TEMPFILESPATH only when it matches the temporary file pattern, and otherwise passing the user-supplied filename...
CVE-2026-55629 Whistle: Path traversal
Whistle is an HTTP, HTTP2, HTTPS, and WebSocket debugging proxy. Prior to 2.10.3, lib/service/service.js handles GET /cgi-bin/temp/get by reading req.query.filename, joining it to TEMPFILESPATH only when it matches the temporary file pattern, and otherwise passing the user-supplied filename...
PaperCut < 22.1.3 - Path Traversal
PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files. id: CVE-2023-39143 info: name: PaperCut 22.1.3 - Path Traversal author: pdteam severity: critical description: PaperCut NG and PaperCut MF before 22.1.3...
CVE-2026-48338 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope...
CVE-2026-11563
The Word Count and Social Shares WordPress plugin through 1.0 does not validate a user-supplied file path before deletion, nor does it have proper authorization or CSRF checks, allowing any authenticated user, such as a Subscriber, to delete arbitrary files on the server, which can lead to a full...
EUVD-2026-43624
The Word Count and Social Shares WordPress plugin through 1.0 does not validate a user-supplied file path before deletion, nor does it have proper authorization or CSRF checks, allowing any authenticated user, such as a Subscriber, to delete arbitrary files on the server, which can lead to a full...
EUVD-2026-43545
AnyDesk Screen Recording Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order t...
EUVD-2026-43541
Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Glarysoft Glary Utilities. An attacker must first obtain the ability to execute low-privileged code on the target system...
CVE-2026-15684
Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Glarysoft Glary Utilities. An attacker must first obtain the ability to execute low-privileged code on the target system...
CVE-2026-15681 AnyDesk Screen Recording Link Following Denial-of-Service Vulnerability
AnyDesk Screen Recording Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order t...
CVE-2026-15681
Summary: CVE-2026-15681 affects AnyDesk. The flaw is in the handling of screen recording files: by creating a junction, a local attacker can cause the service to create arbitrary files, leading to a denial-of-service condition. Exploitation requires low-privilege code execution on the target syst...
CVE-2026-15682 AnyDesk Support Information Link Following Denial-of-Service Vulnerability
AnyDesk Support Information Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in orde...