CVE-2026-53189

In Linux kernel CVE-2026-53189, the issue is in mm/huge_memory where __split_huge_pmd_locked() updates the file/shmem RSS counter after dropping the PMD mapping’s folio reference. If folio_put() drops the last reference, mm_counter_file() can read freed folio state via folio_test_swapbacked(). Th...

EUVD-2026-39246

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: use correct flags for device private PMD entry Commit 65edfda6f3f2 "mm/rmap: extend rmap and migration support device-private entries" updated setpmdmigrationentry to use pmdphugegetandclear in the softleaf case, b...

CVE-2026-53149

CVE-2026-53149 affects the Linux kernel thunderbolt subsystem. The root cause is a missing bounds check in __tb_property_parse_dir(): content_offset + content_len is not verified to fit within block_len for the root directory case. If rootdir->length is at least block_len - 2, the entry loop m...

EUVD-2026-39240

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Bound root directory content to block size tbpropertyparsedir does not check that contentoffset + contentlen fits within blocklen for the root directory case. When rootdir-length equals or exceeds blocklen - 2, the...

JFinalCMS v5.0.0 - Directory Traversal

An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. id: CVE-2023-41599 info: name: JFinalCMS v5.0.0 - Directory Traversal author: pussycat0x severity: medium description: | An issue in the component /common/DownController.ja...

CentralSquare CryWolf - Path Traversal

A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf False Alarm Management through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information. id: CVE-2024-45241 info:...

OneDev.io < 11.0.9 - Arbitrary File Read

Files on the host computer can be accessed by directory traversal. id: CVE-2024-45309 info: name: OneDev.io 11.0.9 - Arbitrary File Read author: isacaya severity: high description: | Files on the host computer can be accessed by directory traversal. impact: | An attacker would be able to view the...

Personal Weather Station Dashboard 12 - Directory Traversal

Personal Weather Station Dashboard 12lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/test.php, as demonstrated by reading the server's private SSL key in cleartext. id: CVE-2025-47423 info: name: Personal Weather...

Horde/Horde Groupware - Local File Inclusion

Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the HordeImage driver name. id: CVE-2009-0932 inf...

Issabel PBX 4.0.0-6 - Directory Listing

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory id: CVE-2023-37599 info: name: Issabel PBX 4.0.0-6 - Directory Listing author: ritikchaddha severity: high description: | An issue in issabel-pbx v.4.0.0-6 allows a remote attacker...

PrestaShop TshirteCommerce - Directory Traversal

The Custom Product Designer tshirtecommerce module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files. id: CVE-2023-27639 info: name: PrestaShop TshirteCommerce...

Lightdash version <= 0.510.3 Arbitrary File Read

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension .csv or .png is used. id: CVE-2023-35844 info: name: Lightdash version = 0.510.3 Arbitrary File Read author: dwisiswant0...

Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal

A directory traversal vulnerability in Cisco Unified Communications Manager CUCM 5.x and 6.x before 6.15SU2, 7.x before 7.15bSU2, and 8.x before 8.03, and Cisco Unified Contact Center Express aka Unified CCX or UCCX and Cisco Unified IP Interactive Voice Response Unified IP-IVR before 6.01SR1ES8,...

WebTitan < 3.60 - Local File Inclusion

Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. dot dot in the fname parameter in a view action. id: CVE-2011-4640 info: name: WebTitan 3.60 - Local File Inclusion author: ctflearner severity:...

Chyrp 2.x - Local File Inclusion

A directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the file parameter, a different vulnerability than CVE-2011-2744. id: CVE-2011-2780 info: name: Chyrp 2.x - Local File Inclusion author: daffainf...

Joomla! Component Jfeedback 1.2 - Local File Inclusion

A directory traversal vulnerability in the Ternaria Informatica Jfeedback! comjfeedback component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1478 info: name:...

Joomla! Component MMS Blog 2.3.0 - Local File Inclusion

A directory traversal vulnerability in the MMS Blog commmsblog component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1491 info: name: Joomla! Component MMS Blo...

Joomla! Component Percha Fields Attach 1.0 - Directory Traversal

A directory traversal vulnerability in the Percha Fields Attach comperchafieldsattach component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-2036 info: name:...

Joomla! Component Love Factory 1.3.4 - Local File Inclusion

A directory traversal vulnerability in the Love Factory comlovefactory component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1957 info: name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion...

Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion

A directory traversal vulnerability in the iNetLanka Multiple Map commultimap component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1953 info: name: Joomla! Component iNetLanka Multiple Map 1.0 - Local Fil...