9 matches found
CVE-2026-34447
A flaw was found in Open Neural Network Exchange (ONNX). This symlink traversal vulnerability in external data loading allows a local attacker to read sensitive files outside the intended model directory. By tricking a user into loading a specially crafted ONNX model, an attacker can gain...
GHSA-F7XC-5852-FJ99 Saloon has a Fixture Name Path Traversal Vulnerability
Impact: Users with MockResponse fixtures that use path traversal. Patches: Upgrade to Saloon v4+. Upgrade guide: https://docs.saloon.dev/upgrade/upgrading-from-v3-to-v4 Description: Fixture names were used to build file paths under the configured fixture directory without validation. A name containin...
CVE-2026-32061
OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversa...
PT-2026-8044
The BFG Tools – Extension Zipper plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0.7. This is due to insufficient input validation on the user-supplied first file parameter in the zip function. This makes it possible for authenticated attackers, with...
VMware Spring Framework Security Vulnerability
VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework. An attacker can exploit the vulnerability to read files outside of the servi...
Improper Input Validation
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Input Validation through the PHP filter chain. An attacker with administrative privileges can read files from the system outside of the intended directories and...
KasmVNC Security Breach
KasmVNC is a remote desktop software from Kasm. A security vulnerability exists in KasmVNC 1.3.1 and earlier versions that stems from a directory traversal vulnerability that allows a remote, authenticated attacker to browse the parent directory and read the contents of files outside the scope of...
CVE-2020-10631
An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control...
CVE-2017-2829
An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause the application to read a file from disk but a failure to adequately filter characters...