Total
8946 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20174 | 1 Cisco | 2 Nexus Dashboard, Nexus Dashboard Insights | 2026-04-03 | 4.9 Medium |
| A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this vulnerability by crafting a metadata update file and manually uploading it to an affected device. A successful exploit could allow the attacker to write arbitrary files to the underlying operating system as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials. Note: Manual uploading of metadata files is typical for Air-Gap environments but not for Cisco Intersight Cloud connected devices. However, the manual upload option exists for both deployments. | ||||
| CVE-2026-3987 | 1 Watchguard | 1 Fireware Os | 2026-04-03 | N/A |
| A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and including 2026.1.2. | ||||
| CVE-2026-5331 | 1 Opencart | 1 Opencart | 2026-04-03 | 4.7 Medium |
| A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-5344 | 1 Textpattern | 1 Textpattern | 2026-04-03 | 6.3 Medium |
| A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mt_uploadImage of the file rpc/TXP_RPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor confirmed the issue and will provide a fix in the upcoming release. | ||||
| CVE-2022-21693 | 1 Onionshare | 1 Onionshare | 2026-04-03 | 6.3 Medium |
| OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can access sensitive files in the entire user home folder. This could lead to the leaking of sensitive data. Due to the automatic exclusion of hidden folders, the impact is reduced. This can be mitigated by usage of the flatpak release. | ||||
| CVE-2025-69874 | 1 Unjs | 1 Nanotar | 2026-04-03 | 9.8 Critical |
| nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence. | ||||
| CVE-2026-33528 | 2 Godoxy, Yusing | 2 Godoxy, Godoxy | 2026-04-03 | 6.5 Medium |
| GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the file content API endpoint at `/api/v1/file/content` is vulnerable to path traversal. The `filename` query parameter is passed directly to `path.Join(common.ConfigBasePath, filename)` where `ConfigBasePath = "config"` (a relative path). No sanitization or validation is applied beyond checking that the field is non-empty (`binding:"required"`). An authenticated attacker can use `../` sequences to read or write files outside the intended `config/` directory, including TLS private keys, OAuth refresh tokens, and any file accessible to the container's UID. Version 0.27.5 fixes the issue. | ||||
| CVE-2026-33529 | 2 Tobychui, Zoraxy | 2 Zoraxy, Zoraxy | 2026-04-03 | 3.3 Low |
| Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a plugin. Version 3.3.2 patches the issue. | ||||
| CVE-2026-29871 | 2 Shubhamsaboo, Theunwindai | 2 Awesome-llm-apps, Awesome Llm Apps | 2026-04-03 | 7.5 High |
| A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19) in the Beifong AI News and Podcast Agent backend in FastAPI backend, stream-audio endpoint, in file routers/podcast_router.py, in function stream_audio. The stream-audio endpoint accepts a user-controlled path parameter that is concatenated into a filesystem path without proper validation or restriction. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary files from the server filesystem, potentially disclosing sensitive information such as configuration files and credentials. | ||||
| CVE-2026-34070 | 2 Langchain, Langchain-ai | 2 Langchain, Langchain | 2026-04-03 | 7.5 High |
| LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection. When an application passes user-influenced prompt configurations to load_prompt() or load_prompt_from_config(), an attacker can read arbitrary files on the host filesystem, constrained only by file-extension checks (.txt for templates, .json/.yaml for examples). This issue has been patched in version 1.2.22. | ||||
| CVE-2026-27101 | 1 Dell | 1 Secure Connect Gateway | 2026-04-03 | 4.7 Medium |
| Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker within the management network could potentially exploit this vulnerability, leading to remote execution. | ||||
| CVE-2026-28265 | 1 Dell | 14 Powerstore, Powerstore 1000t, Powerstore 1200t and 11 more | 2026-04-03 | 4.4 Medium |
| PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files. | ||||
| CVE-2026-29870 | 1 Kayba-ai | 1 Agentic-context-engine | 2026-04-03 | 7.6 High |
| A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpoint_dir parameter in OfflineACE.run. The save_to_file method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to escape the intended checkpoint directory. This vulnerability allows attackers to overwrite arbitrary files accessible to the application process, potentially leading to application corruption, privilege escalation, or code execution depending on the deployment context. | ||||
| CVE-2026-30940 | 2 Basercms, Baserproject | 2 Basercms, Basercms | 2026-04-03 | 7.2 High |
| baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary directory outside the theme directory, which may result in remote code execution (RCE). This issue has been patched in version 5.2.3. | ||||
| CVE-2026-30403 | 2 Tianshiyeben, Wgstart | 2 Wgcloud, Wgcloud | 2026-04-02 | 7.5 High |
| There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server. | ||||
| CVE-2025-43537 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2026-04-02 | 5.5 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2. Restoring a maliciously crafted backup file may lead to modification of protected system files. | ||||
| CVE-2025-43417 | 1 Apple | 1 Macos | 2026-04-02 | 5.5 Medium |
| A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4, macOS Tahoe 26.2. An app may be able to access user-sensitive data. | ||||
| CVE-2024-54535 | 1 Apple | 4 Ipados, Iphone Os, Visionos and 1 more | 2026-04-02 | 4 Medium |
| A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, watchOS 11.1. An attacker with access to calendar data could also read reminders. | ||||
| CVE-2024-54520 | 1 Apple | 1 Macos | 2026-04-02 | 5.5 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to overwrite arbitrary files. | ||||
| CVE-2024-54489 | 1 Apple | 1 Macos | 2026-04-02 | 5.3 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. Running a mount command may unexpectedly execute arbitrary code. | ||||