45 matches found
Yeswiki < 4.5.2 - Unauthenticated Path Traversal
YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. id: CVE-2025-31131 info: name: Yeswiki 4.5.2 - Unauthenticated Path Traversal author: iamnoooob,rootxharsh,pdresearch severity: high...
PT-2026-49525
Unauthenticated Path Traversal in FastDup = 2.7.2 versions...
EUVD-2026-36234
Golem OEE MES is vulnerable to an unauthenticated path traversal flaw. This vulnerability allows an attacker in the same local network to read arbitrary files from the server's operating system by manipulating HTTP request paths. This issue has been fixed in version 11.6.0...
UniFi Network Application Path Traversal Vulnerability Assessment Tool
This tool lets you safely detect whether a UniFi Network Application controller is vulnerable to CVE-2026-22557 without causing any disruption. CVE-2026-22557 is an unauthenticated path traversal vulnerability in the UniFi Network Application's guest captive portal that allows remote attackers to...
Exploit for CVE-2026-22557
CVE-2026-22557 Vulnerability Assessment Tool Safely detect wh...
CVE-2026-42564 jotty·page: Unauthenticated Path Traversal leads to sensitive file disclosure and session-token reuse impact
jotty·page is a self-hosted app for your checklists and notes. Prior to 1.22.0, an unauthenticated path traversal vulnerability exists in /api/app-icons/filename. The filename route parameter is joined into a filesystem path without traversal/boundary validation, allowing file reads outside...
EUVD-2026-28587
SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the...
SEPPmail Secure Email Gateway 安全漏洞
SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.4 contained a security vulnerability. This vulnerability stemmed from the identifier parameter in/api/app/attachment/preview, where...
PT-2026-38959
Name of the Vulnerable Software and Affected Versions SEPPmail Secure Email Gateway versions prior to 15.0.4 Description An unauthenticated path traversal issue exists in the '/api.app/attachment/preview' endpoint. This allows remote attackers to read arbitrary local files and trigger the deletio...
EUVD-2026-21517
Saltcorn has an Unauthenticated Path Traversal in sync endpoints, allowing arbitrary file write and directory read...
CVE-2026-6057
FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution...
CVE-2026-6057
CVE-2026-6057 affects FalkorDB Browser 1.9.3 through an unauthenticated path traversal in the file upload API, allowing remote attackers to write arbitrary files and achieve remote code execution. The issue is confirmed by multiple sources (NVD/ENISA/CVE lists) and is described in PT-Security as ...
Text Generation Web UI 安全漏洞
Text Generation Web UI is a local AI UI interface developed by oobabooga’s individual developers. Versions of Text Generation Web UI prior to 4.3 contained security vulnerabilities. These vulnerabilities stemmed from an unauthenticated path traversal vulnerability in the loadgrammar function, whi...
CVE-2026-29059 Windmill: SUPERADMIN_SECRET (rarely used) can be accessed publicly
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's getlogfile endpoint "/api/w/workspace/jobsu/getlogfile/filename". The filename parameter is...
PYSEC-2026-90
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PU...
CVE-2025-66251
Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletehidden parameter allows path traversal deletion of arbitrary .tgz...
EUVD-2020-3206
Malware in sbrugna...
CVE-2024-26293
The Avid Nexis Agent uses a vulnerable gSOAP version. An undocumented vulnerability impacting gSOAP v2.8 makes the application vulnerable to an Unauthenticated Path Traversal vulnerability. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS...
CVE-2024-26293
The Avid Nexis Agent uses a vulnerable gSOAP version. An undocumented vulnerability impacting gSOAP v2.8 makes the application vulnerable to an Unauthenticated Path Traversal vulnerability. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS...
CVE-2024-26293 Unauthenticated Path Traversal affecting Avid NEXIS
The Avid Nexis Agent uses a vulnerable gSOAP version. An undocumented vulnerability impacting gSOAP v2.8 makes the application vulnerable to an Unauthenticated Path Traversal vulnerability. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS...