Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-39489 |
|
Author Arbitrary File Download in Download Monitor <= 5.1.9 versions.
Author Arbitrary File Download in Download Monitor <= 5.1.9 versions.
|
| CVE-2026-50877 |
|
Path Traversal in path-traversal (CVE-2026-50877)
path traversal in path-traversal (CVE-2026-50877). Confidential information can be exposed externally.
|
| CVE-2026-50869 |
|
Path Traversal in path-traversal (CVE-2026-50869)
path traversal in path-traversal (CVE-2026-50869). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53571 |
|
Path Traversal in vite (CVE-2026-53571)
path traversal in vite (CVE-2026-53571). Confidential information can be exposed externally. Exploitable via ``server.fs.deny``. Mitigation: upgrade to `6.4.3` or later.
|
| CVE-2026-49356 |
|
Path Traversal in @babel/core (CVE-2026-49356)
path traversal in @babel/core (CVE-2026-49356). Risk of unauthorized operations or information disclosure. Exploitable via ``inputSourceMap``. Mitigation: upgrade to `7.29.6` or later.
|
| CVE-2026-20262 KEV |
|
[KEV] Path Traversal in Cisco catalyst-sd-wan-manager (CVE-2026-20262)
path traversal in Cisco catalyst-sd-wan-manager (CVE-2026-20262). Data can be tampered with by attackers. Listed in CISA KEV — actively exploited.
|
| CVE-2016-20081 |
|
Path Traversal in wordpress (CVE-2016-20081)
path traversal in wordpress (CVE-2016-20081). Confidential information can be exposed externally.
|
| CVE-2016-20076 |
|
Path Traversal in wordpress (CVE-2016-20076)
path traversal in wordpress (CVE-2016-20076). Confidential information can be exposed externally.
|
| CVE-2026-12211 |
|
Path Traversal in path-traversal (CVE-2026-12211)
path traversal in path-traversal (CVE-2026-12211). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12198 |
|
Path Traversal in path-traversal (CVE-2026-12198)
path traversal in path-traversal (CVE-2026-12198). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9062 |
|
Path Traversal in wordpress (CVE-2026-9062)
path traversal in wordpress (CVE-2026-9062). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11769 |
|
Path Traversal in github.com/grafana/grafana-operator (CVE-2026-11769)
path traversal in github.com/grafana/grafana-operator (CVE-2026-11769). Successful exploitation can lead to full system takeover. Exploitable via ``Dashboard``. Mitigation: upgrade to `5.24.0` or later.
|
| CVE-2026-12089 |
|
Path Traversal in wordpress (CVE-2026-12089)
path traversal in wordpress (CVE-2026-12089). Confidential information can be exposed externally.
|
| CVE-2026-11442 |
|
Path Traversal in path-traversal (CVE-2026-11442)
path traversal in path-traversal (CVE-2026-11442). Confidential information can be exposed externally.
|
| CVE-2026-53825 |
|
Path Traversal in openclaw (CVE-2026-53825)
path traversal in openclaw (CVE-2026-53825). Confidential information can be exposed externally.
|
| CVE-2026-53519 |
|
Path Traversal in github.com/nezhahq/nezha (CVE-2026-53519)
path traversal in github.com/nezhahq/nezha (CVE-2026-53519). Confidential information can be exposed externally. Exploitable via `GET /dashboard../data/config.yaml`. Mitigation: upgrade to `2.0.13` or later.
|
| CVE-2026-54093 |
|
Path Traversal in github.com/filebrowser/filebrowser/v2 (CVE-2026-54093)
path traversal in github.com/filebrowser/filebrowser/v2 (CVE-2026-54093). Risk of unauthorized operations or information disclosure. Exploitable via ``filepath.ToSlash``. Mitigation: upgrade to `2.63.6` or later.
|
| CVE-2026-54094 |
|
Path Traversal in github.com/filebrowser/filebrowser/v2 (CVE-2026-54094)
path traversal in github.com/filebrowser/filebrowser/v2 (CVE-2026-54094). Confidential information can be exposed externally. Exploitable via `GET /api/raw/{path}`. Mitigation: upgrade to `2.63.14` or later.
|
| CVE-2026-54394 |
|
Path Traversal in path-traversal (CVE-2026-54394)
path traversal in path-traversal (CVE-2026-54394). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45775 |
|
Path Traversal in path-traversal (CVE-2026-45775)
path traversal in path-traversal (CVE-2026-45775). Confidential information can be exposed externally.
|
| CVE-2026-43872 |
|
Path Traversal in path-traversal (CVE-2026-43872)
path traversal in path-traversal (CVE-2026-43872). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6961 |
|
Path Traversal in path-traversal (CVE-2026-6961)
path traversal in path-traversal (CVE-2026-6961). Data can be tampered with by attackers.
|
| CVE-2026-3840 |
|
Path Traversal in path-traversal (CVE-2026-3840)
path traversal in path-traversal (CVE-2026-3840). Confidential information can be exposed externally.
|
| CVE-2026-44171 |
|
Path Traversal in mariadb (CVE-2026-44171)
path traversal in mariadb (CVE-2026-44171). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11847 |
|
Path Traversal in path-traversal (CVE-2026-11847)
path traversal in path-traversal (CVE-2026-11847). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11846 |
|
Path Traversal in CVE-2026-11846 (CVE-2026-11846)
path traversal in CVE-2026-11846 (CVE-2026-11846). Data can be tampered with by attackers.
|
| CVE-2026-11844 |
|
Path Traversal in CVE-2026-11844 (CVE-2026-11844)
path traversal in CVE-2026-11844 (CVE-2026-11844). Confidential information can be exposed externally.
|
| CVE-2026-47368 |
|
Path Traversal in path-traversal (CVE-2026-47368)
path traversal in path-traversal (CVE-2026-47368). Confidential information can be exposed externally.
|
| CVE-2026-45171 |
|
Path Traversal in paloaltonetworks (CVE-2026-45171)
path traversal in paloaltonetworks (CVE-2026-45171). Successful exploitation can lead to full system takeover.
|
| CVE-2025-24268 |
|
Path Traversal in apple (CVE-2025-24268)
path traversal in apple (CVE-2025-24268). Confidential information can be exposed externally.
|
| CVE-2026-49982 |
|
Vulnerability in tmp (CVE-2026-49982)
vulnerability in tmp (CVE-2026-49982). Data can be tampered with by attackers. Exploitable via ``_assertPath``. Mitigation: upgrade to `0.2.7` or later.
|
| CVE-2026-53777 |
|
Path Traversal in path-traversal (CVE-2026-53777)
path traversal in path-traversal (CVE-2026-53777). Confidential information can be exposed externally.
|
| CVE-2026-11816 |
|
Path Traversal in path-traversal (CVE-2026-11816)
path traversal in path-traversal (CVE-2026-11816). Confidential information can be exposed externally. Exploitable via ``AttributeError``.
|
| CVE-2026-48020 |
|
Vulnerability in github.com/traefik/traefik/v2 (CVE-2026-48020)
vulnerability in github.com/traefik/traefik/v2 (CVE-2026-48020). Confidential information can be exposed externally. Exploitable via `GET /admin`. Mitigation: upgrade to `2.11.48` or later.
|
| CVE-2026-8464 |
|
Path Traversal in path-traversal (CVE-2026-8464)
path traversal in path-traversal (CVE-2026-8464). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40987 |
|
Path Traversal in CVE-2026-40987 (CVE-2026-40987)
path traversal in CVE-2026-40987 (CVE-2026-40987). Data can be tampered with by attackers.
|
| CVE-2026-52726 |
|
Path Traversal in dulwich (CVE-2026-52726)
path traversal in dulwich (CVE-2026-52726). Risk of unauthorized operations or information disclosure. Exploitable via ``dulwich.porcelain.submodule_update``. Mitigation: upgrade to `1.2.5` or later.
|
| CVE-2026-49219 |
|
Path Traversal in Magick.NET-Q16-AnyCPU (CVE-2026-49219)
path traversal in Magick.NET-Q16-AnyCPU (CVE-2026-49219). Confidential information can be exposed externally. Mitigation: upgrade to `14.14.0` or later.
|
| CVE-2026-45380 |
|
Path Traversal in c (CVE-2026-45380)
path traversal in c (CVE-2026-45380). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0270 |
|
Path Traversal in path-traversal (CVE-2026-0270)
path traversal in path-traversal (CVE-2026-0270). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50567 |
|
Path Traversal in CVE-2026-50567 (CVE-2026-50567)
path traversal in CVE-2026-50567 (CVE-2026-50567). Data can be tampered with by attackers.
|
| CVE-2026-45569 |
|
Path Traversal in c (CVE-2026-45569)
path traversal in c (CVE-2026-45569). Confidential information can be exposed externally.
|
| CVE-2026-45565 |
|
Vulnerability in nginx (CVE-2026-45565)
vulnerability in nginx (CVE-2026-45565). Confidential information can be exposed externally.
|
| CVE-2026-53476 |
|
Vulnerability in path-traversal (CVE-2026-53476)
vulnerability in path-traversal (CVE-2026-53476). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45556 |
|
Vulnerability in nginx (CVE-2026-45556)
vulnerability in nginx (CVE-2026-45556). Successful exploitation can lead to full system takeover. Exploitable via `POST /waf/`.
|
| CVE-2026-52755 |
|
Path Traversal in path-traversal (CVE-2026-52755)
path traversal in path-traversal (CVE-2026-52755). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52752 |
|
Path Traversal in path-traversal (CVE-2026-52752)
path traversal in path-traversal (CVE-2026-52752). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52756 |
|
Path Traversal in path-traversal (CVE-2026-52756)
path traversal in path-traversal (CVE-2026-52756). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49497 |
|
Path Traversal in path-traversal (CVE-2026-49497)
path traversal in path-traversal (CVE-2026-49497). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24717 |
|
Path Traversal in path-traversal (CVE-2026-24717)
path traversal in path-traversal (CVE-2026-24717). Confidential information can be exposed externally.
|