Total
378 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-33206 | 1 Calibre-ebook | 1 Calibre | 2026-03-30 | N/A | 6.3 MEDIUM |
| calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in Calibre' handling of images in Markdown and other similar text-based files allowing an attacker to include arbitrary files from the file system into the converted book. Additionally, missing authentication and server-side request forgery in the background-image endpoint in the ebook reader web view allow the files to be exfiltrated without additional interaction. Version 9.6.0 contains a fix. | |||||
| CVE-2026-31831 | 2026-03-30 | N/A | N/A | ||
| Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /newsletter/image/images API endpoint is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem. This issue has been patched in version 2.17.0. | |||||
| CVE-2026-33494 | 2026-03-30 | N/A | 10.0 CRITICAL | ||
| ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences (e.g. `/public/../admin/secrets`) that resolves to a protected path after normalization, but is matched against a permissive rule because the raw, un-normalized path is used during rule evaluation. Version 26.2.0 contains a patch. | |||||
| CVE-2026-4415 | 2026-03-30 | N/A | 8.1 HIGH | ||
| Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation. | |||||
| CVE-2026-27625 | 1 Stirling | 1 Stirling Pdf | 2026-03-24 | N/A | 8.1 HIGH |
| Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary working directory, leading to arbitrary file write with the privileges of the Stirling-PDF process user (stirlingpdfuser). This can overwrite writable files and compromise data integrity, with further impact depending on writable paths. The issue was fixed in version 2.5.2. | |||||
| CVE-2026-29098 | 1 Suitecrm | 1 Suitecrm | 2026-03-24 | N/A | 4.9 MEDIUM |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the `action_exportCustom` function in `modules/ModuleBuilder/controller.php` fails to properly neutralize path traversal sequences in the `$modules` and `$name` parameters. Both parameters later reach the `exportCustom` function in `modules/ModuleBuilder/MB/MBPackage.php` where they are both utilized in constructing s paths for file reading and writing. As such, it is possible for a user with access to the ModuleBuilder module, generally an administrator, to craft a request that can copy the content of any readable directory on the underlying host into the web root, making them readable. As the `ModuleBuilder` module is part of both major versions 7 and 8, both current major versions are affected. This vulnerability allows an attacker to copy any readable directory into the web root. This includes system files like the content of `/etc, or the root directory of the web server, potentially exposing secrets and environment variables. Versions 7.15.1 and 8.9.3 patch the issue. | |||||
| CVE-2026-29101 | 1 Suitecrm | 1 Suitecrm | 2026-03-24 | N/A | 4.9 MEDIUM |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, a Denial-of-Service (DoS) vulnerability exists in SuiteCRM modules. Versions 7.15.1 and 8.9.3 patch the issue. | |||||
| CVE-2026-30345 | 2026-03-19 | N/A | 7.5 HIGH | ||
| A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import. | |||||
| CVE-2026-29778 | 1 Pyload-ng Project | 1 Pyload-ng | 2026-03-11 | N/A | 7.1 HIGH |
| pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package() function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be bypassed using crafted recursive traversal sequences. This issue has been patched in version 0.5.0b3.dev97. | |||||
| CVE-2025-15015 | 1 Ragic | 1 Enterprise Cloud Database | 2026-03-05 | N/A | 7.5 HIGH |
| Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. | |||||
| CVE-2026-1762 | 2026-03-04 | N/A | 2.9 LOW | ||
| A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions. | |||||
| CVE-2026-21659 | 1 Johnsoncontrols | 2 Frick Controls Quantum Hd, Frick Controls Quantum Hd Firmware | 2026-03-02 | N/A | 9.8 CRITICAL |
| Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to execute arbitrary code on the affected device, leading to full system compromise. This issue affects Frick Controls Quantum HD: Frick Controls Quantum HD version 10.22 and prior. | |||||
| CVE-2026-27117 | 1 Rikyoz | 1 Bit7z | 2026-02-25 | N/A | 5.5 MEDIUM |
| bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.11, a path traversal vulnerability ("Zip Slip") exists in bit7z's archive extraction functionality. The library does not adequately validate file paths contained in archive entries, allowing files to be written outside the intended extraction directory through three distinct mechanisms: relative path traversal, absolute path traversal, and symbolic link traversal. An attacker can exploit this by providing a malicious archive to any application that uses bit7z to extract untrusted archives. Successful exploitation results in arbitrary file write with the privileges of the process performing the extraction. This could lead to overwriting of application binaries, configuration files, or other sensitive data. The vulnerability does not directly enable reading of file contents; the confidentiality impact is limited to the calling application's own behavior after extraction. However, applications that subsequently serve or display extracted files may face secondary confidentiality risks from attacker-created symlinks. Fixes have been released in version 4.0.11. If upgrading is not immediately possible, users can mitigate the vulnerability by validating each entry's destination path before writing. Other mitigations include running extraction with least privilege and extracting untrusted archives in a sandboxed directory. | |||||
| CVE-2025-62878 | 2026-02-25 | N/A | 9.9 CRITICAL | ||
| A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. | |||||
| CVE-2026-27202 | 1 Getsimple-ce | 1 Getsimple Cms | 2026-02-24 | N/A | 7.5 HIGH |
| GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication. | |||||
| CVE-2026-25121 | 1 Chainguard | 1 Apko | 2026-02-20 | N/A | 7.5 HIGH |
| apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package (e.g., via a compromised or typosquatted repository) could create directories or symlinks outside the intended installation root. The MkdirAll, Mkdir, and Symlink methods in pkg/apk/fs/rwosfs.go use filepath.Join() without validating that the resulting path stays within the base directory. This issue has been patched in version 1.1.1. | |||||
| CVE-2026-26362 | 1 Dell | 1 Unisphere For Powermax | 2026-02-20 | N/A | 8.1 HIGH |
| Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system files. | |||||
| CVE-2026-2818 | 2026-02-20 | N/A | 8.2 HIGH | ||
| A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only. | |||||
| CVE-2025-68472 | 1 Mindsdb | 1 Mindsdb | 2026-02-20 | N/A | 8.1 HIGH |
| MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not "url". Only multipart uploads and URL-sourced uploads receive sanitization; JSON uploads lack any call to clear_filename or equivalent checks. This vulnerability is fixed in 25.11.1. | |||||
| CVE-2026-21620 | 2026-02-20 | N/A | N/A | ||
| Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.erl. This issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0. | |||||