Search Results (9617 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-4280 2 Doctorwp, Wordpress 2 Breaking News Wp, Wordpress 2026-04-23 6.5 Medium
The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwp_theme option value is passed directly to an include() statement in the brnwp_show_breaking_news_wp() shortcode handler. While sanitize_text_field() is applied to user input, it does not strip directory traversal sequences (../). This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the brnwp_theme option with a directory traversal payload (e.g., ../../../../etc/passwd) and subsequently trigger file inclusion of arbitrary files on the server when the shortcode is rendered.
CVE-2026-41245 2 Junrar, Junrar Project 2 Junrar, Junrar 2026-04-23 5.9 Medium
Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Version 7.5.10 fixes the issue.
CVE-2026-5795 1 Eclipse 1 Jetty 2026-04-23 7.4 High
In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. A subsequent request using the same thread inherits the ThreadLocal values, leading to a broken access control and privilege escalation.
CVE-2024-0402 1 Gitlab 1 Gitlab 2026-04-23 9.9 Critical
An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.
CVE-2006-5981 1 Biba Software 1 Seleniumserver Ftp Server 2026-04-23 N/A
Multiple directory traversal vulnerabilities in SeleniumServer FTP Server 1.0, and possibly earlier, allow remote attackers to list arbitrary directories, read arbitrary files, and upload arbitrary files via directory traversal sequences in the (1) DIR (LIST or NLST), (2) GET (RETR), and (3) PUT (STOR) commands.
CVE-2008-2896 1 Getfireant 1 Fireant 2026-04-23 N/A
Directory traversal vulnerability in index.php in FireAnt 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-0156 1 Million Dollar Script 1 Million Dollar Script 2026-04-23 N/A
Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote attackers to read arbitrary files via encoded "/" (%2F) sequences in the link parameter.
CVE-2008-0158 1 Shop-script 1 Shop-script 2026-04-23 N/A
Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter.
CVE-2008-3677 1 Openfreeway 1 Freeway 2026-04-23 N/A
Directory traversal vulnerability in includes/events_application_top.php in Freeway before 1.4.2.197 allows remote attackers to include and execute arbitrary local files via unspecified vectors.
CVE-2008-2534 1 Fkrauthan 1 Phoenix View Cms 2026-04-23 N/A
Directory traversal vulnerability in admin/admin_frame.php in Phoenix View CMS Pre Alpha2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ltarget parameter.
CVE-2008-3446 1 Letterit 1 Letterit 2026-04-23 N/A
Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
CVE-2008-0393 1 Gradman 1 Gradman 2026-04-23 N/A
Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter, a different vector than CVE-2008-0361.
CVE-2008-0814 1 Truc 1 Truc 2026-04-23 N/A
Directory traversal vulnerability in download.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the upload_filename parameter.
CVE-2009-1737 1 Diqiye 1 Mypic 2026-04-23 N/A
Directory traversal vulnerability in bom.php in MyPic 2.1 allows remote attackers to list files in arbitrary directories via a .. (dot dot) in the dir parameter.
CVE-2009-1748 1 Joost Horward 1 Catviz 2026-04-23 N/A
Multiple directory traversal vulnerabilities in index.php in Catviz 0.4.0 Beta 1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) webpages_form or (2) userman_form parameter.
CVE-2008-1301 1 Alkacon 1 Opencms 2026-04-23 N/A
Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter.
CVE-2009-2112 1 Frank-karau 1 Phpfk 2026-04-23 N/A
Directory traversal vulnerability in include/page_bottom.php in phpFK 7.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _FORUM[settings_design_style] parameter.
CVE-2009-4512 1 Indymedia 1 Oscailt 2026-04-23 N/A
Directory traversal vulnerability in index.php in Oscailt 3.3, when Use Friendly URL's is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj_id parameter.
CVE-2009-2166 2 Ocsinventory-ng, Unix 2 Ocs Inventory Ng, Unix 2026-04-23 N/A
Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter.
CVE-2009-2161 1 Torrenttrader 1 Torrenttrader Classic 2026-04-23 N/A
Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter, in conjunction with a modified component name.