All CosmicBytez Labs articles tagged #Path Traversal, across news, security advisories, how-to guides, and projects.
A critical path traversal vulnerability in Tenable Agent 11.2.0 and 11.1.3 and earlier allows a privileged attacker to write arbitrary files outside the intended plugin directory, potentially achieving remote code execution.
Progress Software has confirmed a high-severity path traversal zero-day vulnerability in ShareFile Storage Zone Controller triggered the emergency shutdown order issued to on-premises customers on July 10, 2026. Emergency patches (versions 5.12.5 and 6.0.2) were released July 14, restoring customer access. All 5.x and 6.x versions are affected; cloud-only ShareFile accounts are not impacted.
A critical CVSS 9.1 vulnerability in Crawl4AI before 0.8.7 allows attackers to write arbitrary files anywhere on the host filesystem via the Docker API's /screenshot and /pdf endpoints — patch immediately.
A CVSS 9.9 critical vulnerability in PraisonAI before 4.6.78 allows attackers to write files to arbitrary filesystem locations and execute arbitrary OS...
A critical RCE vulnerability (CVSS 9.6) in JetBrains IntelliJ IDEA before 2026.1.4 allows code execution through path traversal in project workspace ID...
A critical path traversal vulnerability in Dell PowerProtect Data Domain backup appliances allows authenticated low-privilege users to read and write...
A critical path traversal vulnerability in Apache IoTDB's DataNode RPC interface allows unauthenticated attackers to write arbitrary files outside the...
Security firm runZero has disclosed seven vulnerabilities in FatFs, a widely used FAT/exFAT filesystem library embedded in cameras, drones, crypto...
A critical path traversal vulnerability in the fast-mcp-telegram Telegram MCP Server allows attackers to bypass Bearer token authentication and read...
A CVSS 9.1 critical unauthenticated arbitrary file deletion vulnerability in the Printcart Web to Print Product Designer for WooCommerce plugin affects...
Critical path bypass vulnerability in @fastify/middie versions 9.1.0 through 9.3.2 allows attackers to evade middleware protection by exploiting a %2F...
Adobe ColdFusion contains a critical path traversal vulnerability (CWE-22) that enables unauthenticated remote code execution. The flaw is part of Adobe's...
A CVSS 9.9 critical vulnerability in the Paid Videochat Turnkey Site WordPress plugin allows authenticated performer-role users to delete arbitrary files...
Critical path traversal vulnerability (CVSS 9.1) in Apache IoTDB affects versions 1.0.0 through 1.3.5 and 2.0.0 through 2.0.5. Users must upgrade...
A second critical path traversal vulnerability (CVSS 9.1) in Apache IoTDB affects versions 1.0.0 through 1.3.5 and 2.0.0 through 2.0.6. Patch to 1.3.6 or...
A path traversal flaw in Notepad++ v8.9.6.1 allows attackers to bypass the trusted directory plugin verification check using path sequences, potentially...
A critical path traversal vulnerability in Budibase's zip upload endpoint allows attackers to write arbitrary files outside the intended temp directory,...
A critical path traversal vulnerability in the qrscp DICOM application allows unauthenticated attackers to write files to arbitrary server paths via...
A critical path traversal vulnerability in FileRise before 3.16.0 allows unauthenticated attackers to write arbitrary files and completely compromise...
Cisco Catalyst SD-WAN Manager contains a directory path traversal vulnerability allowing an authenticated remote attacker to create or overwrite any file...
Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in Langflow, to write arbitrary files on exposed servers....
A CVSS 10.0 path traversal vulnerability in UniFi OS allows an unauthenticated network attacker to read arbitrary files, including sensitive account files...
A critical CVSS 9.1 path traversal vulnerability in SGLang's multimodal AI runtime allows unauthenticated attackers to write arbitrary files anywhere the...
A critical CVSS 9.1 vulnerability in Plack::Middleware::XSendfile versions through 1.0053 allows remote attackers to control the X-Sendfile-Type header,...
ConnectWise ScreenConnect contains a path traversal vulnerability (CVE-2024-1708) that allows attackers to execute remote code or directly access...
A critical path traversal vulnerability in Froxlor's Customers.update and Admins.update API endpoints allows authenticated low-privilege users to traverse...
Kentico Xperience contains a path traversal vulnerability allowing an authenticated user's Staging Sync Server to upload arbitrary data to relative path...
A path traversal vulnerability in KodExplorer up to v4.52 allows remote attackers to read arbitrary files via the share.class.php Public Share Handler,...
FalkorDB Browser 1.9.3 contains a critical unauthenticated path traversal vulnerability in its file upload API that allows remote attackers to write...
A critical CVSS 9.8 path traversal vulnerability in goshs, a SimpleHTTPServer written in Go, allows unauthenticated attackers to write arbitrary files via...
A critical path traversal vulnerability in MLflow's extract_archive_to_dir function allows attackers to write arbitrary files outside the intended...
A critical path traversal vulnerability in SiYuan's /api/file/readDir interface allows unauthenticated remote attackers to traverse notebook directories...
A critical CVSS 9.6 vulnerability in TinaCMS prior to 2.1.8 combines a permissive CORS policy with a path traversal flaw, enabling a remote attacker to...
Critical path traversal vulnerability in WinRAR enables ransomware and credential theft as Russian and Chinese threat actors weaponize phishing campaigns...