Monthly
Path traversal in Apache Ignite 2.0.0 through 2.17.0 lets authenticated REST API users read arbitrary files on the server by abusing the 'cmd=log' command with a crafted log path parameter. The flaw allows any low-privileged API user to escape the intended log directory and access sensitive files such as configuration, credentials, or keystores, with no public exploit identified at time of analysis.
Information disclosure via path traversal in Gladinet Triofox lets remote unauthenticated attackers read arbitrary files on the server by sending crafted requests whose URL path begins with /woshome, which are handled by the WOSDefaultHttpModule.dll component. The CVSS 7.5 scoring (confidentiality-only impact) reflects unrestricted file read without code execution or service disruption. No public exploit has been identified at time of analysis, and the issue was reported by Tenable rather than appearing in CISA KEV.
Directory traversal in Trend Micro Apex One on-premise server (versions before 14.0.0.17079) enables a highly privileged local attacker to manipulate a key server table and inject malicious code that propagates to all managed endpoint agents, effectively weaponizing the EDR platform's own distribution infrastructure. The attack requires an adversary who has already obtained administrative credentials to the Apex One server through a separate compromise vector. No public exploit code has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but the changed scope (S:C) in the CVSS vector signals that a successful exploit extends impact beyond the server itself to the entire managed agent fleet.
Path traversal in XWiki Platform allows unauthenticated remote attackers to read arbitrary files on the server, including sensitive configuration like WEB-INF/xwiki.cfg, by abusing the resource parameter of the ssx and jsx endpoints with leading-slash prefixes. The CVSS 4.0 base score of 9.3 reflects network-reachable, no-privilege exploitation with high impact to confidentiality, integrity, and availability of the vulnerable component. No public exploit identified at time of analysis, though the GitHub Security Advisory includes a working URL pattern that effectively demonstrates the issue.
Arbitrary file read and deletion in the Kirki - Freeform Page Builder plugin for WordPress (versions through 6.0.6) allows unauthenticated remote attackers to read and delete files within the WordPress uploads base directory by abusing the 'downloadZIP' function. The flaw stems from insufficient path validation and a missing capability check, and was reported by Wordfence; no public exploit identified at time of analysis.
Path traversal in Dify versions 0 through 1.14.1 allows authenticated tenants to escape their authorized tenant path and reach the Plugin Daemon's internal REST API, including debug interfaces, by smuggling unencoded dot sequences through task identifiers or filename parameters. Because Dify Cloud permits unauthenticated free self-registration, the authentication barrier collapses to trivial account creation, and publicly available exploit code exists; the attacker only needs the victim tenant's UUID to pivot. CVSS 4.0 is rated 9.2 with high confidentiality and integrity impact.
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.
Remote path traversal in Siemens ROS# versions prior to V2.2.2 enables unauthenticated attackers to read arbitrary files from affected systems due to insufficient input sanitization. The vulnerability affects the ROS# library, a C# .NET implementation for Robot Operating System communication, with CVSS 9.3 critical severity. No active exploitation or public exploit code has been identified at time of analysis, though the network-accessible attack vector and lack of authentication requirements present significant risk for robotics systems using this library.
Denial of service in Gibbon versions before v30.0.01 via path traversal during ZIP file extraction allows authenticated users with Teacher or higher privileges to trigger file deletion and application unavailability. The vulnerability exploits improper handling of malicious ZIP archives, where failed extraction attempts result in unintended deletion of PHP application files. This requires elevated privileges within the application and network access to the vulnerable endpoint.
Path traversal in django-s3file's S3FileMiddleware allows attackers to manipulate HTTP requests and force Django applications to load arbitrary files from unintended S3 locations into request.FILES, bypassing pre-signed upload location restrictions. Affects all versions <=7.0.1. Vendor-confirmed vulnerability with patch released in version 7.0.2. No active exploitation confirmed (not in CISA KEV). CVSS metrics not available, but path traversal combined with file handling operations presents moderate confidentiality and integrity risk depending on application-specific file processing logic.
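Every entry above is some variant of the same defect: a path fragment from the request (a log file name, a resource parameter with a leading slash, a task identifier carrying unencoded dot segments, a ZIP member name) reaches the filesystem without being canonicalized and confined to the intended base directory. The following guard is an added example written for this digest; it is not code from Apache Ignite, XWiki, Dify, Gibbon or any other project named here, and the base directories and archive contents it uses are constructed for illustration. It shows the two checks a defender wants: resolve the candidate path to its real absolute form and verify it is still inside the base, and for archives, validate every member name before extracting anything, so a bad entry cannot leave the application half-extracted.

```python
import io
import os
import zipfile
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a user-supplied path would leave the permitted base directory."""


def resolve_under_base(base_dir, user_path, max_decode_rounds=2):
    """Return the real absolute path for user_path confined to base_dir, or raise.

    Percent-decoding is repeated a bounded number of times so that
    double-encoded sequences such as %252e%252e do not survive a single decode.
    A leading slash is treated as relative to the base rather than as an
    absolute path (the leading-slash trick used against some resource endpoints).
    """
    decoded = user_path
    for _ in range(max_decode_rounds):
        once = unquote(decoded)
        if once == decoded:
            break
        decoded = once
    if "\x00" in decoded:
        raise PathTraversalError("NUL byte in path")
    # Normalise Windows separators and strip leading slashes so os.path.join
    # cannot be overridden by an absolute component.
    relative = decoded.replace("\\", "/").lstrip("/")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, relative))
    # realpath collapses "." and ".." and follows existing symlinks, so a prefix
    # check against the resolved base is sufficient here.
    if candidate != base and not candidate.startswith(base + os.sep):
        raise PathTraversalError(f"path escapes base directory: {user_path!r}")
    return candidate


def is_confined(base_dir, user_path):
    """Boolean convenience wrapper around resolve_under_base."""
    try:
        resolve_under_base(base_dir, user_path)
        return True
    except PathTraversalError:
        return False


def plan_zip_extraction(zip_bytes, dest_dir):
    """Validate every archive member before extracting any of them.

    Returns a mapping of member name to its resolved destination path. Raising
    before extraction starts avoids the failure mode where a partially handled
    archive leaves the application directory damaged.
    """
    plan = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            plan[info.filename] = resolve_under_base(dest_dir, info.filename)
    return plan


def zip_is_safe(zip_bytes, dest_dir):
    """True if every member of the archive stays inside dest_dir."""
    try:
        plan_zip_extraction(zip_bytes, dest_dir)
        return True
    except PathTraversalError:
        return False


def build_sample_zip(malicious):
    """Constructed in-memory archive for demonstration (not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("theme/readme.txt", "harmless content")
        if malicious:
            # Member name with traversal segments, as a crafted archive would carry.
            zf.writestr("../../index.php", "<?php // constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    base = "/var/app/logs"  # assumed base directory for the demonstration
    for candidate in ["app.log", "../../etc/passwd", "%252e%252e/secret", "/WEB-INF/x.cfg"]:
        print(f"{candidate!r:24} confined={is_confined(base, candidate)}")
    print("benign zip safe:", zip_is_safe(build_sample_zip(False), "/var/app/uploads"))
    print("crafted zip safe:", zip_is_safe(build_sample_zip(True), "/var/app/uploads"))
```

The prefix comparison uses `base + os.sep` so that a sibling directory such as `/var/app/logs2` is not mistaken for a child of `/var/app/logs`; the archive planner deliberately does no I/O beyond reading the central directory, which is what lets it reject the whole upload before a single file is written or removed.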