All CosmicBytez Labs articles tagged #Path Traversal, across news, security advisories, how-to guides, and projects.
A CVSS 10.0 path traversal vulnerability in UniFi OS allows an unauthenticated network attacker to read arbitrary files, including sensitive account files...
A critical CVSS 9.1 path traversal vulnerability in SGLang's multimodal AI runtime allows unauthenticated attackers to write arbitrary files anywhere the...
A critical CVSS 9.1 vulnerability in Plack::Middleware::XSendfile versions through 1.0053 allows remote attackers to control the X-Sendfile-Type header,...
ConnectWise ScreenConnect contains a path traversal vulnerability (CVE-2024-1708) that allows attackers to execute remote code or directly access...
A critical path traversal vulnerability in Froxlor's Customers.update and Admins.update API endpoints allows authenticated low-privilege users to traverse...
Kentico Xperience contains a path traversal vulnerability allowing an authenticated user's Staging Sync Server to upload arbitrary data to relative path...
A path traversal vulnerability in KodExplorer up to v4.52 allows remote attackers to read arbitrary files via the share.class.php Public Share Handler,...
FalkorDB Browser 1.9.3 contains a critical unauthenticated path traversal vulnerability in its file upload API that allows remote attackers to write...
A critical CVSS 9.8 path traversal vulnerability in goshs, a SimpleHTTPServer written in Go, allows unauthenticated attackers to write arbitrary files via...
A critical path traversal vulnerability in MLflow's extract_archive_to_dir function allows attackers to write arbitrary files outside the intended...
A critical path traversal vulnerability in SiYuan's /api/file/readDir interface allows unauthenticated remote attackers to traverse notebook directories...
A critical CVSS 9.6 vulnerability in TinaCMS prior to 2.1.8 combines a permissive CORS policy with a path traversal flaw, enabling a remote attacker to...
Critical path traversal vulnerability in WinRAR enables ransomware and credential theft as Russian and Chinese threat actors weaponize phishing campaigns...