Total
356 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-24909 | 2026-01-29 | N/A | 5.9 MEDIUM | ||
| vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction. | |||||
| CVE-2025-67366 | 1 Sylphx | 1 Filesystem-mcp | 2026-01-29 | N/A | 7.5 HIGH |
| @sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "read_content" tool. This vulnerability arises from improper symlink handling in the path validation mechanism: the resolvePath function checks path validity before resolving symlinks, while fs.readFile resolves symlinks automatically during file access. This allows attackers to bypass directory restrictions by leveraging symlinks within the allowed directory that point to external files, enabling unauthorized access to files outside the intended operational scope. | |||||
| CVE-2026-23888 | 1 Pnpm | 1 Pnpm | 2026-01-28 | N/A | 6.5 MEDIUM |
| pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. The vulnerability has two attack vectors: (1) Malicious ZIP entries containing `../` or absolute paths that escape the extraction root via AdmZip's `extractAllTo`, and (2) The `BinaryResolution.prefix` field is concatenated into the extraction path without validation, allowing a crafted prefix like `../../evil` to redirect extracted files outside `targetDir`. The issue impacts all pnpm users who install packages with binary assets, users who configure custom Node.js binary locations and CI/CD pipelines that auto-install binary dependencies. It can lead to overwriting config files, scripts, or other sensitive files leading to RCE. Version 10.28.1 contains a patch. | |||||
| CVE-2026-23890 | 1 Pnpm | 1 Pnpm | 2026-01-28 | N/A | 6.5 MEDIUM |
| pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of `node_modules/.bin`. Bin names starting with `@` bypass validation, and after scope normalization, path traversal sequences like `../../` remain intact. This issue affects all pnpm users who install npm packages and CI/CD pipelines using pnpm. It can lead to overwriting config files, scripts, or other sensitive files. Version 10.28.1 contains a patch. | |||||
| CVE-2025-68472 | 1 Mindsdb | 1 Mindsdb | 2026-01-27 | N/A | 8.1 HIGH |
| MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not "url". Only multipart uploads and URL-sourced uploads receive sanitization; JSON uploads lack any call to clear_filename or equivalent checks. This vulnerability is fixed in 25.11.1. | |||||
| CVE-2026-1022 | 1 Gotac | 1 Statistics Database System | 2026-01-23 | N/A | 7.5 HIGH |
| Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. | |||||
| CVE-2025-46363 | 1 Dell | 1 Secure Connect Gateway | 2026-01-21 | N/A | 4.3 MEDIUM |
| Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with remote access could potentially exploit this vulnerability, leading to allowing relative path traversal to restricted resources. | |||||
| CVE-2024-40588 | 1 Fortinet | 6 Forticamera, Forticamera Firmware, Fortimail and 3 more | 2026-01-14 | N/A | 4.4 MEDIUM |
| Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.6, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiRecorder 6.4 all versions, FortiVoice 7.0.0 through 7.0.3, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests. | |||||
| CVE-2024-2053 | 1 Articatech | 1 Artica Proxy | 2026-01-12 | N/A | 7.5 HIGH |
| The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user. | |||||
| CVE-2025-57403 | 1 Abelche | 1 Cola Dnslog | 2026-01-09 | N/A | 7.5 HIGH |
| Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL (or a portion of it) directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to the potential exposure of sensitive information. | |||||
| CVE-2025-66737 | 1 Yealink | 2 Sip-t21\(p\)e2, Sip-t21\(p\)e2 Firmware | 2026-01-09 | N/A | 4.3 MEDIUM |
| Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged attacker can read arbitrary files via a crafted request result read function of the diagnostic component. | |||||
| CVE-2025-25048 | 1 Ibm | 1 Jazz Foundation | 2026-01-09 | N/A | 6.5 MEDIUM |
| IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory. | |||||
| CVE-2025-15225 | 1 Sun.net | 1 Wmpro | 2025-12-31 | N/A | 7.5 HIGH |
| WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to read arbitrary system files. | |||||
| CVE-2024-47856 | 1 Rsa | 1 Authentication Agent For Windows | 2025-12-30 | N/A | 9.8 CRITICAL |
| In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks. An adversary can place an executable in a higher-level directory of the path, and Windows will resolve that executable instead of the intended executable. | |||||
| CVE-2024-12642 | 1 Cht | 1 Tenderdoctransfer | 2025-12-23 | N/A | 8.1 HIGH |
| TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains a Relative Path Traversal vulnerability, allowing attackers to write arbitrary files to any path on the user's system. | |||||
| CVE-2024-24578 | 1 Raspberrymatic | 1 Raspberrymatic | 2025-12-23 | N/A | 10.0 CRITICAL |
| RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticated remote code execution (RCE) vulnerability, caused by multiple issues within the Java based `HMIPServer.jar` component. RaspberryMatric includes a Java based `HMIPServer`, that can be accessed through URLs starting with `/pages/jpages`. The `FirmwareController` class does however not perform any session id checks, thus this feature can be accessed without a valid session. Due to this issue, attackers can gain remote code execution as root user, allowing a full system compromise. Version 3.75.6.20240316 contains a patch. | |||||
| CVE-2025-15015 | 2025-12-23 | N/A | 7.5 HIGH | ||
| Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. | |||||
| CVE-2025-66626 | 1 Argoproj | 1 Argo Workflows | 2025-12-19 | N/A | 8.1 HIGH |
| Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4, contain unsafe untar code that handles symbolic links in archives. Concretely, the computation of a link's target and the subsequent check are flawed. An attacker can overwrite the file /var/run/argo/argoexec with a script of their choice, which would be executed at the pod's start. The patch deployed against CVE-2025-62156 is ineffective against malicious archives containing symbolic links. This issue is fixed in versions 3.6.14 and 3.7.5. | |||||
| CVE-2016-20023 | 1 Cksource | 1 Ckfinder | 2025-12-17 | N/A | 5.0 MEDIUM |
| In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided. | |||||
| CVE-2025-40605 | 1 Sonicwall | 10 Email Security Appliance 5000, Email Security Appliance 5000 Firmware, Email Security Appliance 5050 and 7 more | 2025-12-12 | N/A | 5.3 MEDIUM |
| A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path. | |||||