CVE-2026-25691

A improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with...

Fortinet FortiSandbox 路径遍历漏洞

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection device developed by the American company Fortinet. This device offers features such as dual sandbox technology, dynamic threat intelligence systems, a real-time control panel, and reporting capabilities. Fortinet FortiSandbox h...

CVE-2026-33329

FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler UploadModel::handleUpload is concatenated directly into filesystem paths without any sanitization. An authenticated...

FileRise 安全漏洞

FileRise is a lightweight, self-hosted web-based file manager developed by Ryan. Versions of FileRise from 1.0.1 to 3.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the resumableIdentifier parameter in the Resumable.js multipart upload handler, which was concatenated...

CVE-2025-60023

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine...

EUVD-2025-35734

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine...

CVE-2025-60023

CVE-2025-60023 describes a relative path traversal in AutomationDirect Productivity Suite v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine. Public advisories and ref...

CVE-2025-60023 AutomationDirect Productivity Suite Relative Path Traversal

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine...

EUVD-2025-33572

Newforma Info Exchange NIX '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated attacker to upload an arbitrary file to any location writable by the NIX application. An attacker can upload and run a web shell or other content executable by the web server. An attacker can also delete...

CVE-2025-35055 Newforma Info Exchange (NIX) insecure file upload

Newforma Info Exchange NIX '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated attacker to upload an arbitrary file to any location writable by the NIX application. An attacker can upload and run a web shell or other content executable by the web server. An attacker can also delete...

EUVD-2002-1075

Malware in sbrugna...

The vulnerability of the Golang programming language, related to insufficient or incorrect blocking mechanisms, allows for situations where a violator can delete arbitrary directories.

The vulnerability of the Golang programming language is related to insufficient or incorrect blocking measures. Exploiting this vulnerability could allow a remote attacker to delete any directories at will...

FreeScout Security Bypass Vulnerability (CNVD-2025-20798)

FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a security bypass vulnerability that is caused by improper input validation of the laravel translation manager package. An attacker can exploit the...

CVE-2011-4717

Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows remote authenticated users to delete arbitrary directories via a crafted RMD aka rmdir command...

CVE-2024-9597

A Path Traversal vulnerability exists in the /wipedatabase endpoint of parisneo/lollms version v12, allowing an attacker to delete any directory on the system. The vulnerability arises from improper validation of the key parameter, which is used to construct file paths. An attacker can exploit th...

MAL-2025-608 Malicious code in achalk-next (npm)

This package exfiltrates API keys to an attacker-controlled server. It also has destructive functionality to delete development-related directories. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b543eb1092108748ab3abd00741f5f1d0b181f326ba147792f883aed8d837697 Any...

Wowza Media Systems Wowza Streaming Engine 路径遍历漏洞

Wowza Media Systems Wowza Streaming Engine is a powerful, customizable and scalable media server software from Wowza Media Systems, Inc. It is used to reliably stream high-quality video and audio to any device, anywhere. A path traversal vulnerability exists in Wowza Media Systems Wowza Streaming...

CVE-2024-5481

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the escdir function. This makes it possible for authenticated attackers to cut and paste copy the contents of arbitrary files on the...

WordPress plugin Startklar Elementor Addons security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

CVE-2023-42428

Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system...