CVE-2026-44012

Craft CMS is a content management system CMS. From 5.0.0-RC1 to before 5.9.18, AssetsController::actionShowInFolder fetches an asset by ID and returns its filename and complete folder hierarchy including volume handle, volume UID, folder names, folder UIDs, and folder URI paths without checking...

CVE-2026-6591 ComfyUI LoadImage Node folder_paths.py folder_paths.get_annotated_filepath path traversal

A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...

CVE-2026-6591

ComfyUI up to 0.13.0 is affected by a path traversal in the LoadImage Node’s folder_paths.get_annotated_filepath (folder_paths.py). The vulnerability arises from manipulating the Name argument, enabling remote exploitation. An exploit has been published; vendor was contacted but did not respond. ...

EUVD-2026-23735

A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...

ComfyUI 安全漏洞

ComfyUI is the most powerful and modular diffusion model GUI and backend developed by comfyanonymous individuals. Versions of ComfyUI prior to 0.13.0 contain security vulnerabilities, which stem from improper handling of parameter names in the folderpaths.getannotatedfilepath function within fold...

PT-2026-33660

A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder paths.get annotated filepath of the file folder paths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has bee...

Nextcloud Server 安全漏洞

Nextcloud Server is a Nextcloud server program open-sourced by Nextcloud. A security vulnerability exists in Nextcloud Server that stems from improper handling of group folder paths, which could lead to incomplete logging...

CVE-2025-55202

Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases...

Microsoft SharePoint Information Disclosure Vulnerability (CNVD-2020-61033)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. An information...

Microsoft SharePoint Server Information Disclosure Vulnerability (CNVD-2020-63720)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A security...