CVE-2026-54917 — CVSS 10.0 (critical): SeaweedFS is a distributed storage system for object storage (S3), file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and…
CVE-2026-11429: Two endpoints in the Vault Service ScriptsController, shared by Altium Enterprise Server and Altium 365, accept file uploads where a…
CVE-2026-7411 — CVSS 10.0 (critical): In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an…
CVE-2026-36767 — CVSS 10.0 (critical): A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any…
CVE-2026-41211 — CVSS 10.0 (critical): Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `downloadPackageManager()` accepts an untrusted…
CVE-2026-39861 — CVSS 10.0 (critical): Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating…
CVE-2026-33054 — CVSS 10.0 (critical): Mesop is a Python-based UI framework that allows users to build web applications. Versions 1.2.2 and below contain a Path Traversal…
CVE-2026-22557 — CVSS 10.0 (critical): A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access…
CVE-2026-27897 — CVSS 10.0 (critical): Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in…
CVE-2026-2731: Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 (all) and 9 (<9.19.7 and <9.20.3) allows unauthenticated…
CVE-2025-69770 — CVSS 10.0 (critical): A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary…
CVE-2025-64075 — CVSS 10.0 (critical): A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to…
CVE-2025-63414 — CVSS 10.0 (critical): A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary…
CVE-2025-54261 — CVSS 10.0 (critical): ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory…
CVE-2024-13984: QiAnXin TianQing Management Center versions up to and including 6.7.0.4130 contain a path traversal vulnerability in the rptsvr component…
CVE-2024-13981: LiveBOS, an object-oriented business architecture middleware suite developed by Apex Software Co., Ltd., contains an arbitrary file upload…
CVE-2023-7309: A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform (also referred to as the Dahua Smart Campus…
CVE-2025-9118: A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write…
CVE-2025-34040: An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId…
CVE-2025-52562 — CVSS 10.0 (critical): Convoy is a KVM server management panel for hosting businesses. In versions 3.9.0-rc3 to before 4.4.1, there is a directory traversal…
CVE-2025-26615 — CVSS 10.0 (critical): WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was…
CVE-2025-24786 — CVSS 10.0 (critical): WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory `/db`…
CVE-2024-43955 — CVSS 10.0 (critical): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This…
CVE-2024-40629 — CVSS 10.0 (critical): JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to…
CVE-2024-40628 — CVSS 10.0 (critical): JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to…
CVE-2024-37902 — CVSS 10.0 (critical): DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path…
CVE-2024-2227 — CVSS 10.0 (critical): This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in…
CVE-2024-23652 — CVSS 10.0 (critical): BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit…
CVE-2023-26045 — CVSS 10.0 (critical): NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring…
CVE-2023-2825 — CVSS 10.0 (critical): An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal…
CVE-2022-1518 — CVSS 10.0 (critical): LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure.
CVE-2021-38454 — CVSS 10.0 (critical): A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or…
CVE-2019-18253 — CVSS 10.0 (critical): An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26…
CVE-2017-12815 — CVSS 10.0 (critical): Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal…
CVE-2015-4716 — CVSS 10.0 (critical): Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows…
CVE-2015-6459 — CVSS 10.0 (critical): Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET…
CVE-2015-0779 — CVSS 10.0 (critical): Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote…
CVE-2010-5324 — CVSS 10.0 (critical): Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10…
CVE-2010-5323 — CVSS 10.0 (critical): Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10…
CVE-2015-4031 — CVSS 10.0 (critical): Directory traversal vulnerability in saveFile.jsp in the development installation in Visual Mining NetChart allows remote attackers to…
CVE-2015-0984 — CVSS 10.0 (critical): Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O…
CVE-2014-0605 — CVSS 10.0 (critical): Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote…
CVE-2014-0604 — CVSS 10.0 (critical): Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote…