Filtered by CWE-22
Total 8601 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-35050 1 Oobabooga 1 Text-generation-webui 2026-04-07 9.1 Critical
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extension settings in "py" format and in the app root directory. This allows Python files to be overwritten; for instance, the "download-model.py" file could be overwritten. This Python file can then be triggered to execute from the "Model" menu when requesting to download a new model. This vulnerability is fixed in 4.1.1.
CVE-2026-35167 1 Kedro-org 1 Kedro 2026-04-07 7.1 High
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path() method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned dataset directory. This is reachable through multiple entry points: catalog.load(..., version=...), DataCatalog.from_config(..., load_versions=...), and the CLI via kedro run --load-versions=dataset:../../../secrets. An attacker who can influence the version string can force Kedro to load files from outside the intended version directory, enabling unauthorized file reads, data poisoning, or cross-tenant data access in shared environments. This vulnerability is fixed in 1.3.0.
CVE-2026-35174 1 Xenocrat Project 1 Chyrp-lite 2026-04-07 9.1 Critical
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download any file on the server, including config.json.php with database credentials, and to overwrite critical system files, leading to remote code execution. This vulnerability is fixed in 2026.01.
CVE-2026-35177 1 Vim 1 Vim 2026-04-07 4.1 Medium
Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280.
CVE-2026-35392 1 Patrickhener 1 Goshs 2026-04-07 N/A
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, PUT upload in httpserver/updown.go has no path sanitization. This vulnerability is fixed in 2.0.0-beta.3.
CVE-2026-35393 1 Patrickhener 1 Goshs 2026-04-07 N/A
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, the POST multipart upload directory is not sanitized. This vulnerability is fixed in 2.0.0-beta.3.
CVE-2026-35471 1 Patrickhener 1 Goshs 2026-04-07 N/A
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdeleteFile() is missing a return after the path traversal check. This vulnerability is fixed in 2.0.0-beta.3.
CVE-2026-35454 1 Coder 1 Code-marketplace 2026-04-07 N/A
The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, a Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback that wrote files via filepath.Join with no boundary check; filepath.Join resolved .. components but did not prevent the result from escaping the base path. This vulnerability is fixed in 2.4.2.
CVE-2026-33227 2026-04-07 N/A
Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All. In two instances (when creating a Stomp consumer and also browsing messages in the Web console) an authenticated user-provided "key" value could be constructed to traverse the classpath due to path concatenation. As a result, the application is exposed to a classpath path resource loading vulnerability that could potentially be chained together with another attack to lead to exploit. This issue affects Apache ActiveMQ Client: before 5.19.3, from 6.0.0 before 6.2.2; Apache ActiveMQ Broker: before 5.19.3, from 6.0.0 before 6.2.2; Apache ActiveMQ All: before 5.19.3, from 6.0.0 before 6.2.2. Users are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue. Note: 5.19.3 and 6.2.2 also fix this issue, but that is limited to non-Windows environments due to a path separator resolution bug fixed in 5.19.4 and 6.2.3.
CVE-2026-30277 1 Triumph-adler 1 Mobile Print 2026-04-07 8.4 High
An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
CVE-2026-30278 2 Fly Is Fun, Funair 2 Aviation Navigation, Fly Is Fun 2026-04-07 9.8 Critical
An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
CVE-2026-30279 1 Squareapps 2 My Location, My Location Travel Timeline 2026-04-07 8.4 High
An arbitrary file overwrite vulnerability in Squareapps LLC My Location Travel Timeline v11.80 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
CVE-2026-30283 1 Peaksel 1 Animal Sounds And Ringtones 2026-04-07 9.8 Critical
An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
CVE-2026-30286 1 Funambol 2 Zefiro, Zefiro Cloud 2026-04-07 9.8 Critical
An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2026011614 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
CVE-2025-10559 2 3ds, Dassault Systèmes 2 3dexperience, Delmia Factory Resource Manager 2026-04-07 7.1 High
A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to read or write files in specific directories on the server.
CVE-2026-34726 1 Copier-org 1 Copier 2026-04-07 4.4 Medium
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's _subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when selecting the template root. As a result, a template can escape its own directory and make Copier render files from the parent directory without --UNSAFE. This issue has been patched in version 9.14.1.
CVE-2026-34730 1 Copier-org 1 Copier 2026-04-07 5.5 Medium
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's _external_data feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local files that are accessible to the user running Copier and expose their contents in rendered output. This issue has been patched in version 9.14.1.
CVE-2026-34745 1 Shaneisrael 1 Fireshare 2026-04-07 9.1 Critical
Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in the same file (app/server/fireshare/api.py). An unauthenticated attacker can exploit the checkSum parameter to write arbitrary files with attacker-controlled content to any writable path on the server filesystem. This issue has been patched in version 1.5.3.
CVE-2026-28373 1 Stackfield 1 Desktop App 2026-04-07 9.6 Critical
The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem.
CVE-2026-21991 2 Oracle, Oracle Corporation 2 Linux, Oracle Linux 2026-04-07 5.5 Medium
A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.