Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
34 articles

#Path Traversal

All CosmicBytez Labs articles tagged #Path Traversal, across news, security advisories, how-to guides, and projects.

  • SecurityJul 15, 2026

    CVE-2026-15265: Tenable Agent Path Traversal — Arbitrary File Write & RCE (CVSS 9.1)

    A critical path traversal vulnerability in Tenable Agent 11.2.0 and 11.1.3 and earlier allows a privileged attacker to write arbitrary files outside the intended plugin directory, potentially achieving remote code execution.

  • NewsJul 14, 2026

    Progress Confirms ShareFile Zero-Day Flaw Behind Storage Zone Shutdown

    Progress Software has confirmed a high-severity path traversal zero-day vulnerability in ShareFile Storage Zone Controller triggered the emergency shutdown order issued to on-premises customers on July 10, 2026. Emergency patches (versions 5.12.5 and 6.0.2) were released July 14, restoring customer access. All 5.x and 6.x versions are affected; cloud-only ShareFile accounts are not impacted.

  • SecurityJul 13, 2026

    CVE-2026-56260: Crawl4AI Arbitrary File Write in Docker API

    A critical CVSS 9.1 vulnerability in Crawl4AI before 0.8.7 allows attackers to write arbitrary files anywhere on the host filesystem via the Docker API's /screenshot and /pdf endpoints — patch immediately.

  • SecurityJul 12, 2026

    CVE-2026-61445: PraisonAI AICoder Arbitrary File Write and Command Injection via LLM Tool Calls

    A CVSS 9.9 critical vulnerability in PraisonAI before 4.6.78 allows attackers to write files to arbitrary filesystem locations and execute arbitrary OS...

  • SecurityJul 11, 2026

    CVE-2026-59792: JetBrains IntelliJ IDEA Remote Code Execution via Path Traversal

    A critical RCE vulnerability (CVSS 9.6) in JetBrains IntelliJ IDEA before 2026.1.4 allows code execution through path traversal in project workspace ID...

  • SecurityJul 8, 2026

    CVE-2026-53481: Dell PowerProtect Data Domain Path Traversal — CVSS 9.8

    A critical path traversal vulnerability in Dell PowerProtect Data Domain backup appliances allows authenticated low-privilege users to read and write...

  • SecurityJul 7, 2026

    CVE-2026-24014: Apache IoTDB DataNode Path Traversal via Trigger JAR Upload

    A critical path traversal vulnerability in Apache IoTDB's DataNode RPC interface allows unauthenticated attackers to write arbitrary files outside the...

  • NewsJul 3, 2026

    7 Unpatched Flaws Disclosed in FatFs Filesystem Used in Millions of Embedded Devices

    Security firm runZero has disclosed seven vulnerabilities in FatFs, a widely used FAT/exFAT filesystem library embedded in cameras, drones, crypto...

  • SecurityJul 3, 2026

    CVE-2026-52830: fast-mcp-telegram Path Traversal Enables Bearer Token Bypass

    A critical path traversal vulnerability in the fast-mcp-telegram Telegram MCP Server allows attackers to bypass Bearer token authentication and read...

  • SecurityJul 3, 2026

    CVE-2026-9725: Critical WordPress WooCommerce Plugin File Deletion

    A CVSS 9.1 critical unauthenticated arbitrary file deletion vulnerability in the Printcart Web to Print Product Designer for WooCommerce plugin affects...

  • SecurityJul 2, 2026

    CVE-2026-14198: Fastify Middie Middleware Path Bypass (CVSS 9.1)

    Critical path bypass vulnerability in @fastify/middie versions 9.1.0 through 9.3.2 allows attackers to evade middleware protection by exploiting a %2F...

  • SecurityJul 1, 2026

    CVE-2026-48282: Adobe ColdFusion Critical Path Traversal to RCE (CVSS 10.0)

    Adobe ColdFusion contains a critical path traversal vulnerability (CWE-22) that enables unauthenticated remote code execution. The flaw is part of Adobe's...

  • SecurityJun 30, 2026

    CVE-2026-57331: Critical Arbitrary File Deletion in Paid Videochat Turnkey Site

    A CVSS 9.9 critical vulnerability in the Paid Videochat Turnkey Site WordPress plugin allows authenticated performer-role users to delete arbitrary files...

  • SecurityJun 27, 2026

    CVE-2025-55017: Apache IoTDB Critical Path Traversal Vulnerability

    Critical path traversal vulnerability (CVSS 9.1) in Apache IoTDB affects versions 1.0.0 through 1.3.5 and 2.0.0 through 2.0.5. Users must upgrade...

  • SecurityJun 27, 2026

    CVE-2025-64152: Apache IoTDB Second Critical Path Traversal Flaw

    A second critical path traversal vulnerability (CVSS 9.1) in Apache IoTDB affects versions 1.0.0 through 1.3.5 and 2.0.0 through 2.0.6. Patch to 1.3.6 or...

  • SecurityJun 27, 2026

    CVE-2026-52884: Notepad++ Trusted Directory Bypass via Path Traversal (CVSS 7.8)

    A path traversal flaw in Notepad++ v8.9.6.1 allows attackers to bypass the trusted directory plugin verification check using path sequences, potentially...

  • SecurityJun 27, 2026

    CVE-2026-54352: Budibase Zip Upload Path Traversal Enables Remote Code Execution (CVSS 9.6)

    A critical path traversal vulnerability in Budibase's zip upload endpoint allows attackers to write arbitrary files outside the intended temp directory,...

  • SecurityJun 26, 2026

    CVE-2026-56445: DICOM qrscp Path Traversal Enables Arbitrary File Write

    A critical path traversal vulnerability in the qrscp DICOM application allows unauthenticated attackers to write files to arbitrary server paths via...

  • SecurityJun 19, 2026

    CVE-2026-54414: FileRise Path Traversal Enables Arbitrary File Write and Admin Takeover

    A critical path traversal vulnerability in FileRise before 3.16.0 allows unauthenticated attackers to write arbitrary files and completely compromise...

  • SecurityJun 15, 2026

    CVE-2026-20262: Cisco Catalyst SD-WAN Manager Path Traversal Vulnerability

    Cisco Catalyst SD-WAN Manager contains a directory path traversal vulnerability allowing an authenticated remote attacker to create or overwrite any file...

  • NewsJun 10, 2026

    Path Traversal Flaw in AI Dev Platform Langflow Exploited in Attacks

    Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in Langflow, to write arbitrary files on exposed servers....

  • SecurityMay 22, 2026

    CVE-2026-34909 — UniFi OS Path Traversal Leading to Account

    A CVSS 10.0 path traversal vulnerability in UniFi OS allows an unauthenticated network attacker to read arbitrary files, including sensitive account files...

  • SecurityMay 19, 2026

    CVE-2026-7302: SGLang Unauthenticated Path Traversal

    A critical CVSS 9.1 path traversal vulnerability in SGLang's multimodal AI runtime allows unauthenticated attackers to write arbitrary files anywhere the...

  • SecurityApr 30, 2026

    CVE-2026-7381: Plack::Middleware::XSendfile

    A critical CVSS 9.1 vulnerability in Plack::Middleware::XSendfile versions through 1.0053 allows remote attackers to control the X-Sendfile-Type header,...

  • SecurityApr 29, 2026

    CVE-2024-1708: ConnectWise ScreenConnect Path Traversal

    ConnectWise ScreenConnect contains a path traversal vulnerability (CVE-2024-1708) that allows attackers to execute remote code or directly access...

  • SecurityApr 23, 2026

    CVE-2026-41228 — Froxlor Path Traversal via def_language

    A critical path traversal vulnerability in Froxlor's Customers.update and Admins.update API endpoints allows authenticated low-privilege users to traverse...

  • SecurityApr 21, 2026

    CVE-2025-2749: Kentico Xperience Path Traversal

    Kentico Xperience contains a path traversal vulnerability allowing an authenticated user's Staging Sync Server to upload arbitrary data to relative path...

  • SecurityApr 19, 2026

    CVE-2026-6568: KodExplorer Path Traversal in Public Share

    A path traversal vulnerability in KodExplorer up to v4.52 allows remote attackers to read arbitrary files via the share.class.php Public Share Handler,...

  • SecurityApr 11, 2026

    CVE-2026-6057: FalkorDB Browser Unauthenticated Path

    FalkorDB Browser 1.9.3 contains a critical unauthenticated path traversal vulnerability in its file upload API that allows remote attackers to write...

  • SecurityApr 7, 2026

    CVE-2026-35392: Critical Path Traversal in goshs Go HTTP

    A critical CVSS 9.8 path traversal vulnerability in goshs, a SimpleHTTPServer written in Go, allows unauthenticated attackers to write arbitrary files via...

  • SecurityMar 30, 2026

    CVE-2025-15036: MLflow Path Traversal in Archive Extraction

    A critical path traversal vulnerability in MLflow's extract_archive_to_dir function allows attackers to write arbitrary files outside the intended...

  • SecurityMar 27, 2026

    CVE-2026-33670: SiYuan readDir Path Traversal Notebook

    A critical path traversal vulnerability in SiYuan's /api/file/readDir interface allows unauthenticated remote attackers to traverse notebook directories...

  • SecurityMar 13, 2026

    Critical CORS + Path Traversal in TinaCMS CLI Dev Server

    A critical CVSS 9.6 vulnerability in TinaCMS prior to 2.1.8 combines a permissive CORS policy with a path traversal flaw, enabling a remote attacker to...

  • SecurityFeb 10, 2026

    WinRAR Path Traversal Flaw CVE-2025-8088 Actively Exploited

    Critical path traversal vulnerability in WinRAR enables ransomware and credential theft as Russian and Chinese threat actors weaponize phishing campaigns...