3906 matches found
phpShowtime 2.0 - Directory Traversal
A directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. dot dot in the r parameter to index.php. id: CVE-2012-0981 info: name: phpShowtime 2.0 - Directory Traversal author: daffainfo severity: medium description: A...
Camtron CMNC-200 IP Camera - Directory Traversal
The CMNC-200 IP Camera has a built-in web server that is vulnerable to directory transversal attacks, allowing access to any file on the camera file system. id: CVE-2010-4231 info: name: Camtron CMNC-200 IP Camera - Directory Traversal author: daffainfo severity: high description: The CMNC-200 IP...
SEH utnserver Pro/ProMAX/INU-100 20.1.22 - File Exposure
A vulnerability was identified in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, impacting the file handling functions. This flaw results in authenticated file disclosure, granting unauthorized access to sensitive files and directories. Although authentication is...
CVE-2026-47897
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Lucene.Net Lucene.Net.Replicator library. This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018,...
EUVD-2026-33277
Mautic vulnerable to Path Traversal via Campaign Import...
PYSEC-2026-377 Langflow Knowledge Bases API is Vulnerable to Path Traversal
Summary Langflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit thi...
CVE-2026-57346
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Epiphyt Embed Privacy allows Path Traversal. This issue affects Embed Privacy: from n/a through 1.12.3...
EUVD-2026-40060
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Epiphyt Embed Privacy allows Path Traversal. This issue affects Embed Privacy: from n/a through 1.12.3...
CVE-2026-13533
CVE-2026-13533 affects agentejo Cockpit CMS up to v0.12.2 in the htaccess Handler’s /config/config.yaml, via Spyc::YAMLLoad. The vulnerability arises from YAMLLoad manipulation that can make files or directories accessible and can be exploited remotely. Exploit code has been publicly disclosed an...
EUVD-2026-39923
Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths...
CVE-2025-11919 Unprotected temporary directories in Wolfram Cloud may result in privilege escalation
The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...
CVE-2025-11919
CVE-2025-11919 affects Wolfram Cloud (multi-tenant environment) where the default JVM can access temporary resources under /tmp, including other users’ TemporaryDirectory. A race during JVM startup allows an attacker with access to shared /tmp to create/replace .jar files via the -init file, caus...
CVE-2025-10268
The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server...
CVE-2025-10268
The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server...
PT-2026-52987
Name of the Vulnerable Software and Affected Versions Daktronics Controller Firmware affected versions not specified Description Remote authenticated and unauthenticated users can perform path traversal, which allows them to escape the intended directory and enumerate arbitrary file system paths...
UBUNTU-CVE-2026-53168
In the Linux kernel, the following vulnerability has been resolved: fuse: reject fusenotify pagecache ops on directories The operations FUSENOTIFYSTORE and FUSENOTIFYRETRIEVE allow the FUSE daemon to actively write/read pagecache contents. For directories with FOPENCACHEDIR, the pagecache is used...
EUVD-2026-39259
In the Linux kernel, the following vulnerability has been resolved: fuse: reject fusenotify pagecache ops on directories The operations FUSENOTIFYSTORE and FUSENOTIFYRETRIEVE allow the FUSE daemon to actively write/read pagecache contents. For directories with FOPENCACHEDIR, the pagecache is used...
CVE-2026-53168
In CVE-2026-53168, the Linux kernel vulnerability concerns FUSE pagecache operations. Specifically, the FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE handlers could allow a FUSE daemon to access pagecache contents for directories using FOPEN_CACHE_DIR. The issue is mitigated by rejecting these opera...
CVE-2026-53168
In the Linux kernel, the following vulnerability has been resolved: fuse: reject fusenotify pagecache ops on directories The operations FUSENOTIFYSTORE and FUSENOTIFYRETRIEVE allow the FUSE daemon to actively write/read pagecache contents. For directories with FOPENCACHEDIR, the pagecache is used...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: Ceph: fixed a crash in processv2sparseread for encrypted directories. A crash in processv2sparseread for fscrypt-encrypted directories has been reported. This issue occurs in the Ceph msgr2 protocol in secure mode. It can be...