Directory Traversal Archives • Daily CyberSecurity

CISA Sound the Alarm: Langflow AI Platform and Trend Micro Added to KEV Catalog Due to Active Exploitation CISA KEV Catalog Updates Langflow CVE-2025-34291 Exploit SharePoint Spoofing CISA KEV Catalog Actively Exploited Vulnerability

CISA KEV Catalog Updates Langflow CVE-2025-34291 Exploit SharePoint Spoofing CISA KEV Catalog Actively Exploited Vulnerability

CISA Sound the Alarm: Langflow AI Platform and Trend Micro Added to KEV Catalog Due to Active Exploitation

Ddos May 21, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two newly weaponized security vulnerabilities to its...

Critical Spring Cloud Config Flaws Expose Arbitrary Files and GCP Secrets Spring Cloud Config Vulnerability CVE-2026-40982 Spring Boot Vulnerability CVSS 9.1 Bypass CVE-2022-31692 Spring Boot Vulnerability Authentication Bypass

Spring Cloud Config Vulnerability CVE-2026-40982 Spring Boot Vulnerability CVSS 9.1 Bypass CVE-2022-31692 Spring Boot Vulnerability Authentication Bypass

Critical Spring Cloud Config Flaws Expose Arbitrary Files and GCP Secrets

Ddos May 7, 2026

The Spring Cloud Config project, a vital component for centralizing external configuration in distributed systems, has released...

High-Severity Spring Cloud Config Flaw Triggers File Leaks and SSRF Spring Cloud Config CVE-2026-22739 Spring Gateway SpEL, STOMP WebSocket CSRF Spring Security, vulnerability CVE-2024-38819 CVE-2025-41243 Spring Cloud Gateway, vulnerability

Spring Cloud Config CVE-2026-22739 Spring Gateway SpEL, STOMP WebSocket CSRF Spring Security, vulnerability CVE-2024-38819 CVE-2025-41243 Spring Cloud Gateway, vulnerability

High-Severity Spring Cloud Config Flaw Triggers File Leaks and SSRF

Ddos March 24, 2026

A significant security flaw has been identified in Spring Cloud Config, a popular framework used to provide...

Trend Micro Issues Critical Patch for Apex One: Severe RCE Flaws Addressed Trend Micro Apex One CVE-2025-71210 AI Security Trend Micro Deep Security - CVE-2024-48904 & CVE-2024-51503

Trend Micro Apex One CVE-2025-71210 AI Security Trend Micro Deep Security - CVE-2024-48904 & CVE-2024-51503

Trend Micro Issues Critical Patch for Apex One: Severe RCE Flaws Addressed

Ddos February 26, 2026

Network defenders using Trend Micro Apex One need to prioritize their patching schedules this week. TrendAl has...

Fragged Files: Critical Zero-Day Hits Quake III Arena Engines via Directory Traversal Quake III Arena, Zero-Day Vulnerability

Fragged Files: Critical Zero-Day Hits Quake III Arena Engines via Directory Traversal

Ddos January 5, 2026

The Quake III Arena engine, a cornerstone of FPS history open-sourced by id Software, has been hit...

CISA KEV Alert: WinRAR Zero-Day Used for Malware Injection and Windows UAF RCE Under Active Attack n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

CISA KEV Alert: WinRAR Zero-Day Used for Malware Injection and Windows UAF RCE Under Active Attack

Ddos December 10, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new mandate for federal agencies to patch...

Critical cPanel Flaw (CVSS 9.3) Allows Directory Traversal LPE for Full Server Takeover cPanel WHM Vulnerabilities 2026 CVE-2026-29205 Arbitrary File Read cPanel Security Vulnerability Perl Injection Exploit cPanel Authentication WHM Security cPanel Privilege Escalation, Directory Traversal LPE

Critical cPanel Flaw (CVSS 9.3) Allows Directory Traversal LPE for Full Server Takeover

Ddos December 3, 2025

cPanel, the industry-standard control panel software that powers a vast portion of the web hosting market, has...

Critical IBM AIX RCE (CVE-2025-36250, CVSS 10.0) Flaw Exposes NIM Private Keys and Risks Directory Traversal IBM AIX RCE, NIM Private Key Leak

Critical IBM AIX RCE (CVE-2025-36250, CVSS 10.0) Flaw Exposes NIM Private Keys and Risks Directory Traversal

Ddos November 17, 2025

IBM has released a new security bulletin addressing multiple high-severity vulnerabilities affecting AIX 7.2, AIX 7.3, and...

Critical Sauter AG Flaw (CVE-2025-41723, CVSS 9.8) Allows Unauthenticated File Upload via SOAP Interface Sauter Critical Directory Traversal, Hard-Coded Certificate

Sauter Critical Directory Traversal, Hard-Coded Certificate

Critical Sauter AG Flaw (CVE-2025-41723, CVSS 9.8) Allows Unauthenticated File Upload via SOAP Interface

Ddos October 22, 2025

Swiss building automation manufacturer Sauter AG has disclosed six vulnerabilities in the embedded firmware of its modulo...

Two 7-Zip Flaws Allow Code Execution via Malicious ZIP Files (CVE-2025-11001 & CVE-2025-11002) 7-Zip RCE, ZIP Directory Traversal

Two 7-Zip Flaws Allow Code Execution via Malicious ZIP Files (CVE-2025-11001 & CVE-2025-11002)

Ddos October 11, 2025

The Zero Day Initiative (ZDI) has published details of two critical vulnerabilities in the popular open-source compression...

Django Security Alert: High-Severity SQL Injection Flaw (CVE-2025-59681) Fixed in Latest Updates Django vulnerability - CVE-2024-42005 Django SQL Injection, CVE-2025-59681

Django vulnerability - CVE-2024-42005 Django SQL Injection, CVE-2025-59681

Django Security Alert: High-Severity SQL Injection Flaw (CVE-2025-59681) Fixed in Latest Updates

Ddos October 2, 2025

The Django team has issued new security releases for the popular Python web framework, addressing two vulnerabilities...

SAP Security Patch Day Fixes Four Critical Flaws, Including a CVSS 10.0 RCE (CVE-2025-42944) SAP SQL Injection April 2026 Patch Day SAP Security, Critical Vulnerabilities Security Patch Day CVE-2025-42944

SAP SQL Injection April 2026 Patch Day SAP Security, Critical Vulnerabilities Security Patch Day CVE-2025-42944

SAP Security Patch Day Fixes Four Critical Flaws, Including a CVSS 10.0 RCE (CVE-2025-42944)

Ddos September 9, 2025

Today, SAP released 21 new Security Notes and 4 updates as part of its monthly Security Patch...

CVE-2025-48387: Critical tar-fs Vulnerability Exposes Millions to Arbitrary File Writes tar-fs, directory traversal

CVE-2025-48387: Critical tar-fs Vulnerability Exposes Millions to Arbitrary File Writes

Ddos August 18, 2025

A newly disclosed vulnerability in the widely used tar-fs NPM package has raised alarms across the software...

CVE-2025-6218: WinRAR Directory Traversal Bug Opens the Door to Remote Code Execution WinRAR RCE, Directory Traversal

CVE-2025-6218: WinRAR Directory Traversal Bug Opens the Door to Remote Code Execution

Ddos June 24, 2025

A newly disclosed vulnerability in RARLAB’s WinRAR, the long-standing compression utility for Windows, has exposed millions of...

Critical Convoy Flaw (CVE-2025-52562, CVSS 10.0): Unauthenticated Remote Code Execution on KVM Servers! Convoy RCE, Unauthenticated

Critical Convoy Flaw (CVE-2025-52562, CVSS 10.0): Unauthenticated Remote Code Execution on KVM Servers!

Ddos June 24, 2025

A newly disclosed vulnerability in Convoy, a modern KVM server management panel built for hosting providers, has...

CrushFTP Hit by SSRF and Directory Traversal Vulnerabilities (CVE-2025-32102 & CVE-2025-32103) CVE-2024-53552 CrushFTP vulnerability, SSRF

CrushFTP Hit by SSRF and Directory Traversal Vulnerabilities (CVE-2025-32102 & CVE-2025-32103)

Ddos April 15, 2025

CrushFTP, a popular file transfer server, is facing increased scrutiny following the discovery of two significant security...