4 articles tagged with "Path Traversal"
CVE-2025-8110 allows authenticated attackers to achieve RCE on self-hosted Git servers via path traversal. Over 700 instances already compromised.
CVE-2025-68428 enables path traversal in the popular JavaScript PDF library, allowing attackers to read arbitrary files from Node.js servers and exfiltrate them via generated documents.
CVE-2025-69194 is a path traversal bug in Metalink handling that could let remote attackers write arbitrary files. CVSS 8.8.
CISA adds WinRAR path traversal vulnerability to KEV catalog as Gamaredon, Bitter, and GOFFEE deploy it for espionage and wiper attacks across multiple continents.