Skip to main content

Dreammaker

5 CVEs product

Monthly

CVE-2026-10075 MEDIUM This Month

Absolute Path Traversal in DreamMaker (developed by Interinfo) allows unauthenticated remote attackers to enumerate file names under arbitrary filesystem paths on the host. The vulnerability stems from CWE-36 (Absolute Path Traversal) and is exploitable over the network without any credentials or user interaction, as confirmed by the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N). Confidentiality impact is limited to file name disclosure rather than full file content retrieval, per the VC:L scoring. No public exploit code or CISA KEV listing has been identified at time of analysis.

Path Traversal Dreammaker
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-10074 MEDIUM This Month

Arbitrary file read in Interinfo's DreamMaker application allows privileged attackers to traverse relative path boundaries and download arbitrary system files. The vulnerability stems from insufficient path normalization in a file download or retrieval function, enabling exfiltration of sensitive system content without modifying or disrupting the target. No public exploit code has been identified at time of analysis, and the requirement for high privileges (PR:H per CVSS 4.0) materially limits the attacker pool.

Path Traversal Dreammaker
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-10073 HIGH This Week

Arbitrary file read in Interinfo DreamMaker allows remote unauthenticated attackers to retrieve sensitive system files by abusing a relative path traversal flaw in the application's file-handling logic. The issue is rated CVSS 4.0 8.7 (High) due to network exploitability with no privileges or user interaction, though impact is confined to confidentiality. No public exploit identified at time of analysis, and the disclosure was coordinated through TWCERT (Taiwan's national CERT).

Path Traversal Dreammaker
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-10072 HIGH This Week

Arbitrary file upload in Interinfo DreamMaker allows authenticated high-privilege remote attackers to upload web shell backdoors and achieve arbitrary code execution on the underlying server. The flaw carries a CVSS 4.0 score of 8.6 and was reported via TWCERT, with no public exploit identified at time of analysis. Despite the high privilege requirement, the network-reachable vector and full CIA impact on the host make this a meaningful post-authentication compromise primitive.

File Upload RCE Dreammaker
NVD
CVSS 4.0
8.6
EPSS
0.2%
CVE-2026-10071 CRITICAL Act Now

Unauthenticated arbitrary file upload in Interinfo DreamMaker allows remote attackers to upload web shell backdoors and execute arbitrary code on the server, scoring CVSS 4.0 9.3 (Critical). No public exploit identified at time of analysis, but the combination of no authentication, low attack complexity, and complete CIA impact makes this a high-priority issue. TWCERT (Taiwan's national CERT) is the reporting source, indicating regional advisory coordination.

File Upload RCE Dreammaker
NVD
CVSS 4.0
9.3
EPSS
0.2%
EPSS 0% CVSS 6.9
MEDIUM This Month

Absolute Path Traversal in DreamMaker (developed by Interinfo) allows unauthenticated remote attackers to enumerate file names under arbitrary filesystem paths on the host. The vulnerability stems from CWE-36 (Absolute Path Traversal) and is exploitable over the network without any credentials or user interaction, as confirmed by the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N). Confidentiality impact is limited to file name disclosure rather than full file content retrieval, per the VC:L scoring. No public exploit code or CISA KEV listing has been identified at time of analysis.

Path Traversal Dreammaker
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Arbitrary file read in Interinfo's DreamMaker application allows privileged attackers to traverse relative path boundaries and download arbitrary system files. The vulnerability stems from insufficient path normalization in a file download or retrieval function, enabling exfiltration of sensitive system content without modifying or disrupting the target. No public exploit code has been identified at time of analysis, and the requirement for high privileges (PR:H per CVSS 4.0) materially limits the attacker pool.

Path Traversal Dreammaker
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Arbitrary file read in Interinfo DreamMaker allows remote unauthenticated attackers to retrieve sensitive system files by abusing a relative path traversal flaw in the application's file-handling logic. The issue is rated CVSS 4.0 8.7 (High) due to network exploitability with no privileges or user interaction, though impact is confined to confidentiality. No public exploit identified at time of analysis, and the disclosure was coordinated through TWCERT (Taiwan's national CERT).

Path Traversal Dreammaker
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Arbitrary file upload in Interinfo DreamMaker allows authenticated high-privilege remote attackers to upload web shell backdoors and achieve arbitrary code execution on the underlying server. The flaw carries a CVSS 4.0 score of 8.6 and was reported via TWCERT, with no public exploit identified at time of analysis. Despite the high privilege requirement, the network-reachable vector and full CIA impact on the host make this a meaningful post-authentication compromise primitive.

File Upload RCE Dreammaker
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Unauthenticated arbitrary file upload in Interinfo DreamMaker allows remote attackers to upload web shell backdoors and execute arbitrary code on the server, scoring CVSS 4.0 9.3 (Critical). No public exploit identified at time of analysis, but the combination of no authentication, low attack complexity, and complete CIA impact makes this a high-priority issue. TWCERT (Taiwan's national CERT) is the reporting source, indicating regional advisory coordination.

File Upload RCE Dreammaker
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy