CVE-2025-34392 — CVSS 9.8 (critical): Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an…
CVE-2025-0851 — CVSS 9.8 (critical): A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files…
CVE-2024-9924 — CVSS 9.8 (critical): The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote…
CVE-2024-20401 — CVSS 9.8 (critical): A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote…
CVE-2024-10833 — CVSS 9.1 (critical): eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as…
CVE-2024-10831 — CVSS 9.1 (critical): In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows…
CVE-2025-7846 — CVSS 8.8 (high): The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in…
CVE-2025-57790 — CVSS 8.8 (high): A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path…
CVE-2025-6381 — CVSS 8.8 (high): The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the…
CVE-2024-8501 — CVSS 8.8 (high): An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This…
CVE-2026-32997: A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup &…
CVE-2024-33620 — CVSS 8.6 (high): Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the…
CVE-2026-26337 — CVSS 8.2 (high): Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery…
CVE-2025-36574 — CVSS 8.2 (high): Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerability. An unauthenticated attacker with…
CVE-2025-13282 — CVSS 8.1 (high): TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Delete vulnerability. The application sets up a simple local web…
CVE-2024-12646 — CVSS 8.1 (high): The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and…
CVE-2024-12643 — CVSS 8.1 (high): The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and…
CVE-2025-36357 — CVSS 8.0 (high): IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An…
CVE-2025-46822: OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit…
CVE-2024-45290 — CVSS 7.7 (high): PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file…
CVE-2026-10044 — CVSS 7.5 (high): Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/{filename} endpoint on…
CVE-2026-35465 — CVSS 7.5 (high): SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop…
CVE-2026-34515 — CVSS 7.5 (high): AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource…
CVE-2026-4373 — CVSS 7.5 (high): The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including…
CVE-2026-0846 — CVSS 7.5 (high): A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper…
CVE-2026-2753 — CVSS 7.5 (high): An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize…
CVE-2026-1330 — CVSS 7.5 (high): MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit…
CVE-2026-1018 — CVSS 7.5 (high): Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing Unauthenticated remote attacker to…
CVE-2025-5927 — CVSS 7.5 (high): The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the…
CVE-2024-11978 — CVSS 7.5 (high): DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to…
CVE-2024-8497 — CVSS 7.5 (high): Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 possess a file that can be read arbitrarily that could allow an attacker…
CVE-2024-28806 — CVSS 7.5 (high): An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote unauthenticated attackers can upload files at an arbitrary path.
CVE-2024-6250 — CVSS 7.5 (high): An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the `open_file` endpoint of…
CVE-2025-8575 — CVSS 7.2 (high): The LWS Cleaner plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the…
CVE-2025-9518 — CVSS 7.2 (high): The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation on the 'debug_path'…
CVE-2025-8213 — CVSS 7.2 (high): The NinjaScanner – Virus & Malware scan plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path…
CVE-2025-4799 — CVSS 7.2 (high): The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can…
CVE-2024-48850 — CVSS 7.2 (high): Absolute File Traversal vulnerabilities in ASPECT allows access and modification of unintended resources. This issue affects…
CVE-2025-13283 — CVSS 7.1 (high): TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability. The application sets up a simple local…
CVE-2024-6854 — CVSS 7.1 (high): In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a…
CVE-2024-12644 — CVSS 7.1 (high): The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability. The application sets up a simple local web server and provides…
CVE-2026-53698 — CVSS 6.5 (medium): Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set.