Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42351 |
|
Path Traversal in CVE-2026-42351 (CVE-2026-42351)
path traversal in CVE-2026-42351 (CVE-2026-42351). Confidential information can be exposed externally.
|
| CVE-2026-7807 |
|
Path Traversal in CVE-2026-7807 (CVE-2026-7807)
path traversal in CVE-2026-7807 (CVE-2026-7807). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42353 |
|
Path Traversal in express (CVE-2026-42353)
path traversal in express (CVE-2026-42353). Confidential information can be exposed externally.
|
| CVE-2026-41693 |
|
Path Traversal in CVE-2026-41693 (CVE-2026-41693)
path traversal in CVE-2026-41693 (CVE-2026-41693). Confidential information can be exposed externally.
|
| CVE-2026-41690 |
|
Path Traversal in express (CVE-2026-41690)
path traversal in express (CVE-2026-41690). Data can be tampered with by attackers.
|
| CVE-2026-44340 |
|
Path Traversal in praison (CVE-2026-44340)
path traversal in praison (CVE-2026-44340). Data can be tampered with by attackers.
|
| CVE-2026-41491 |
|
Path Traversal in path-traversal (CVE-2026-41491)
path traversal in path-traversal (CVE-2026-41491). Confidential information can be exposed externally.
|
| CVE-2026-43940 |
|
Path Traversal in electerm (CVE-2026-43940)
path traversal in electerm (CVE-2026-43940). Successful exploitation can lead to full system takeover. Exploitable via ``runWidget``. Mitigation: upgrade to `3.7.16` or later.
|
| CVE-2026-42275 |
|
Path Traversal in path-traversal (CVE-2026-42275)
path traversal in path-traversal (CVE-2026-42275). Confidential information can be exposed externally.
|
| CVE-2026-35397 |
|
Path Traversal in jupyter-server (CVE-2026-35397)
path traversal in jupyter-server (CVE-2026-35397). Confidential information can be exposed externally. Exploitable via ``root_dir``. Mitigation: upgrade to `2.18.0` or later.
|
| CVE-2024-1708 KEV |
|
[KEV] Path Traversal in Connectwise screenconnect (CVE-2024-1708)
path traversal in Connectwise screenconnect (CVE-2024-1708). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-7399 KEV |
|
[KEV] Path Traversal in Samsung magicinfo-9-server (CVE-2024-7399)
path traversal in Samsung magicinfo-9-server (CVE-2024-7399). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-57728 KEV |
|
[KEV] Path Traversal in Simplehelp path-traversal (CVE-2024-57728)
path traversal in Simplehelp path-traversal (CVE-2024-57728). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-2749 KEV |
|
[KEV] Path Traversal in Kentico path-traversal (CVE-2025-2749)
path traversal in Kentico path-traversal (CVE-2025-2749). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-8110 KEV |
|
[KEV] Path Traversal in gogs (CVE-2025-8110)
path traversal in gogs (CVE-2025-8110). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-6218 KEV |
|
[KEV] Path Traversal in Rarlab winrar (CVE-2025-6218)
path traversal in Rarlab winrar (CVE-2025-6218). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-43798 KEV |
|
[KEV] Path Traversal in Grafana labs grafana-labs (CVE-2021-43798)
path traversal in Grafana labs grafana-labs (CVE-2021-43798). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-5418 KEV |
|
[KEV] Path Traversal in rails (CVE-2019-5418)
path traversal in rails (CVE-2019-5418). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-0769 KEV |
|
[KEV] Path Traversal in D-link dir-859-router (CVE-2024-0769)
path traversal in D-link dir-859-router (CVE-2024-0769). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-4632 KEV |
|
[KEV] Path Traversal in Samsung magicinfo-9-server (CVE-2025-4632)
path traversal in Samsung magicinfo-9-server (CVE-2025-4632). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-38950 KEV |
|
[KEV] Path Traversal in Zkteco biotime (CVE-2023-38950)
path traversal in Zkteco biotime (CVE-2023-38950). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-27920 KEV |
|
[KEV] Path Traversal in Srimax output-messenger (CVE-2025-27920)
path traversal in Srimax output-messenger (CVE-2025-27920). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-34028 KEV |
|
[KEV] Path Traversal in Commvault command-center (CVE-2025-34028)
path traversal in Commvault command-center (CVE-2025-34028). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-12637 KEV |
|
[KEV] Path Traversal in Sap netweaver (CVE-2017-12637)
path traversal in Sap netweaver (CVE-2017-12637). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-4885 KEV |
|
[KEV] Path Traversal in Progress whatsup-gold (CVE-2024-4885)
path traversal in Progress whatsup-gold (CVE-2024-4885). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-57727 KEV |
|
[KEV] Path Traversal in simplehelp (CVE-2024-57727)
path traversal in simplehelp (CVE-2024-57727). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-55550 KEV |
|
[KEV] Path Traversal in Mitel micollab (CVE-2024-55550)
path traversal in Mitel micollab (CVE-2024-55550). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-41713 KEV |
|
[KEV] Path Traversal in Mitel micollab (CVE-2024-41713)
path traversal in Mitel micollab (CVE-2024-41713). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-11667 KEV |
|
[KEV] Path Traversal in Zyxel multiple-firewalls (CVE-2024-11667)
path traversal in Zyxel multiple-firewalls (CVE-2024-11667). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-26086 KEV |
|
[KEV] Path Traversal in Atlassian jira-server-and-data-center (CVE-2021-26086)
path traversal in Atlassian jira-server-and-data-center (CVE-2021-26086). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-16278 KEV |
|
[KEV] Path Traversal in Nostromo nhttpd (CVE-2019-16278)
path traversal in Nostromo nhttpd (CVE-2019-16278). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-8963 KEV |
|
[KEV] Path Traversal in Ivanti cloud-services-appliance-csa (CVE-2024-8963)
path traversal in Ivanti cloud-services-appliance-csa (CVE-2024-8963). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-20123 KEV |
|
[KEV] Path Traversal in Draytek vigorconnect (CVE-2021-20123)
path traversal in Draytek vigorconnect (CVE-2021-20123). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-7262 KEV |
|
[KEV] Path Traversal in Kingsoft wps-office (CVE-2024-7262)
path traversal in Kingsoft wps-office (CVE-2024-7262). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-20124 KEV |
|
[KEV] Path Traversal in Draytek vigorconnect (CVE-2021-20124)
path traversal in Draytek vigorconnect (CVE-2021-20124). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-32113 KEV |
|
[KEV] Path Traversal in Apache ofbiz (CVE-2024-32113)
path traversal in Apache ofbiz (CVE-2024-32113). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-28995 KEV |
|
[KEV] Path Traversal in Solarwinds serv-u (CVE-2024-28995)
path traversal in Solarwinds serv-u (CVE-2024-28995). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-47246 KEV |
|
[KEV] Path Traversal in sysaid (CVE-2023-47246)
path traversal in sysaid (CVE-2023-47246). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-32315 KEV |
|
[KEV] Path Traversal in Ignite realtime ignite-realtime (CVE-2023-32315)
path traversal in Ignite realtime ignite-realtime (CVE-2023-32315). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-35081 KEV |
|
[KEV] Path Traversal in Ivanti endpoint-manager-mobile-epmm (CVE-2023-35081)
path traversal in Ivanti endpoint-manager-mobile-epmm (CVE-2023-35081). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-41328 KEV |
|
[KEV] Path Traversal in Fortinet fortios (CVE-2022-41328)
path traversal in Fortinet fortios (CVE-2022-41328). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-5430 KEV |
|
[KEV] Path Traversal in Tibco jasperreports (CVE-2018-5430)
path traversal in Tibco jasperreports (CVE-2018-5430). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-18809 KEV |
|
[KEV] Path Traversal in Tibco jasperreports (CVE-2018-18809)
path traversal in Tibco jasperreports (CVE-2018-18809). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-26500 KEV |
|
[KEV] Path Traversal in Veeam backup-replication (CVE-2022-26500)
path traversal in Veeam backup-replication (CVE-2022-26500). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-41352 KEV |
|
[KEV] Path Traversal in Synacor zimbra-collaboration-suite-zcs (CVE-2022-41352)
path traversal in Synacor zimbra-collaboration-suite-zcs (CVE-2022-41352). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-36193 KEV |
|
[KEV] Path Traversal in Pear archive-tar (CVE-2020-36193)
path traversal in Pear archive-tar (CVE-2020-36193). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-26352 KEV |
|
[KEV] Path Traversal in dotcms (CVE-2022-26352)
path traversal in dotcms (CVE-2022-26352). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-27925 KEV |
|
[KEV] Path Traversal in Synacor zimbra-collaboration-suite-zcs (CVE-2022-27925)
path traversal in Synacor zimbra-collaboration-suite-zcs (CVE-2022-27925). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-30333 KEV |
|
[KEV] Path Traversal in Rarlab unrar (CVE-2022-30333)
path traversal in Rarlab unrar (CVE-2022-30333). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-7195 KEV |
|
[KEV] Path Traversal in Qnap photo-station (CVE-2019-7195)
path traversal in Qnap photo-station (CVE-2019-7195). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|