10 articles tagged with "Path Traversal"
Two vulnerabilities in AzuraCast radio automation software enable authenticated RCE via path traversal and unauthenticated account takeover through password reset poisoning. Upgrade to 0.23.6 now.
CVE-2026-40050 exposes CrowdStrike LogScale servers to unauthenticated file access via path traversal. CVSS 9.8—here's who's affected and how to patch.
Three vulnerabilities in LangChain and LangGraph expose filesystems, environment secrets, and conversation histories. CVE-2026-34070 enables path traversal. Patches available now.
CVE-2026-22557 lets unauthenticated attackers traverse paths and hijack UniFi Network accounts. CVSS 10.0 severity demands immediate patching to 10.1.89.
CVE-2026-2749 enables unauthenticated attackers to write or delete arbitrary files on Centreon Central Servers. Patches now available for all supported versions.
CVE-2026-2251 is a CVSS 9.8 path traversal vulnerability in Xerox FreeFlow Core that enables unauthenticated remote code execution. Upgrade to version 8.1.0 now.
CVE-2025-8110 allows authenticated attackers to achieve RCE on self-hosted Git servers via path traversal. Over 700 instances already compromised.
CVE-2025-68428 enables path traversal in the popular JavaScript PDF library, allowing attackers to read arbitrary files from Node.js servers and exfiltrate them via generated documents.
CVE-2025-69194 is a path traversal bug in Metalink handling that could let remote attackers write arbitrary files. CVSS 8.8.
CISA adds WinRAR path traversal vulnerability to KEV catalog as Gamaredon, Bitter, and GOFFEE deploy it for espionage and wiper attacks across multiple continents.