Path Traversal

Critical 9.1 Flaws Hit Fortinet FortiSandbox

• Vulnerability Report

Critical 9.1 Flaws Hit Fortinet FortiSandbox

Do Son April 15, 2026 0

Fortinet has issued an urgent advisory regarding two critical vulnerabilities in its FortiSandbox platform—vulnerabilities that could allow...

Read More Read more about Critical 9.1 Flaws Hit Fortinet FortiSandbox

Critical 9.8 CVSS Flaws in goshs Exposed

• Vulnerability Report

Critical 9.8 CVSS Flaws in goshs Exposed

Do Son April 9, 2026 0

Security researchers have unmasked three critical vulnerabilities in goshs, a popular high-performance replacement for Python’s SimpleHTTPServer. The...

Read More Read more about Critical 9.8 CVSS Flaws in goshs Exposed

Ninja Forms Alert: Critical 9.8 RCE Vulnerability Under Active Attack

• Vulnerability Report

Ninja Forms Alert: Critical 9.8 RCE Vulnerability Under Active Attack

Do Son April 6, 2026 0

In a major alert for the WordPress community, a critical security flaw has been disclosed in the...

Read More Read more about Ninja Forms Alert: Critical 9.8 RCE Vulnerability Under Active Attack

200,000+ Sites at Risk: Perfmatters Flaw Enables Full WordPress Site Takeover

• Vulnerability Report

200,000+ Sites at Risk: Perfmatters Flaw Enables Full WordPress Site Takeover

Do Son April 3, 2026 0

Researchers expose a critical vulnerability in Perfmatters, a popular performance-optimization WordPress plugin with over 200,000 active installations....

Read More Read more about 200,000+ Sites at Risk: Perfmatters Flaw Enables Full WordPress Site Takeover

Total Takeover: Critical 10.0 CVSS Path Traversal Flaw Hits Ubiquiti UniFi Networks

• Vulnerability Report

Total Takeover: Critical 10.0 CVSS Path Traversal Flaw Hits Ubiquiti UniFi Networks

Do Son March 19, 2026 0

Ubiquiti has issued an urgent security advisory following the discovery of two significant vulnerabilities within its UniFi...

Read More Read more about Total Takeover: Critical 10.0 CVSS Path Traversal Flaw Hits Ubiquiti UniFi Networks

Critical 9.7 CVSS TinaCMS Flaw Exposes Local Developer Machines

• Vulnerability Report

Critical 9.7 CVSS TinaCMS Flaw Exposes Local Developer Machines

Do Son March 16, 2026 0

Security researchers have exposed a devastating vulnerability in TinaCMS, a popular headless content management system used by...

Read More Read more about Critical 9.7 CVSS TinaCMS Flaw Exposes Local Developer Machines

Apache Livy Patches Path Traversal and File Access Flaws Exposing Spark Clusters

• Vulnerability Report

Apache Livy Patches Path Traversal and File Access Flaws Exposing Spark Clusters

Do Son March 13, 2026 0

Apache Livy, the essential bridge that allows web and mobile applications to interact seamlessly with Apache Spark...

Read More Read more about Apache Livy Patches Path Traversal and File Access Flaws Exposing Spark Clusters

The ‘Must-Patch’ Release: WordPress 6.9.2 Scrambles to Fix 10 Critical Flaws from XSS to SSRF

• Vulnerability Report

The ‘Must-Patch’ Release: WordPress 6.9.2 Scrambles to Fix 10 Critical Flaws from XSS to SSRF

Do Son March 11, 2026 0

The WordPress security team has issued an urgent call to action following the release of WordPress 6.9.2...

Read More Read more about The ‘Must-Patch’ Release: WordPress 6.9.2 Scrambles to Fix 10 Critical Flaws from XSS to SSRF

Total Platform Compromise: Critical 9.6 CVSS Flaws in Budibase Expose Production Secrets

• Vulnerability Report

Total Platform Compromise: Critical 9.6 CVSS Flaws in Budibase Expose Production Secrets

Do Son March 10, 2026 0

Budibase, the popular open-source low-code platform designed for building internal business applications, has released critical security patches...

Read More Read more about Total Platform Compromise: Critical 9.6 CVSS Flaws in Budibase Expose Production Secrets

Critical Backup Flaws Expose Vitess Environments to Complete Takeover

• Vulnerability Report

Critical Backup Flaws Expose Vitess Environments to Complete Takeover

Do Son March 2, 2026 0

Vitess is a cloud-native horizontally-scalable distributed database system that is built around MySQL. It allows organizations to...

Read More Read more about Critical Backup Flaws Expose Vitess Environments to Complete Takeover

Critical Path Traversal Flaw in basic-ftp Exposes Node.js Apps to Arbitrary File Writes

• Vulnerability Report

Critical Path Traversal Flaw in basic-ftp Exposes Node.js Apps to Arbitrary File Writes

Do Son March 2, 2026 0

With over 18 million downloads, basic-ftp is a cornerstone utility for Node.js developers, offering a robust, Promise-based...

Read More Read more about Critical Path Traversal Flaw in basic-ftp Exposes Node.js Apps to Arbitrary File Writes

Critical 9.9 Severity Flaws Expose Centreon Servers to Remote Takeover

• Vulnerability

Critical 9.9 Severity Flaws Expose Centreon Servers to Remote Takeover

Do Son February 26, 2026 0

IT monitoring environments relying on Centreon face a severe threat this week as two critical vulnerabilities have...

Read More Read more about Critical 9.9 Severity Flaws Expose Centreon Servers to Remote Takeover

Critical 9.2 Severity Path Traversal Flaw Compromises ASUSTOR FTP Backups

• Vulnerability Report

Critical 9.2 Severity Path Traversal Flaw Compromises ASUSTOR FTP Backups

Do Son February 25, 2026 0

ASUSTOR has released an urgent security statement detailing multiple critical and high-severity vulnerabilities affecting its ASUSTOR Data...

Read More Read more about Critical 9.2 Severity Path Traversal Flaw Compromises ASUSTOR FTP Backups

Poisoned Pages: Critical Calibre Path Traversal Flaws Expose Readers to RCE

• Vulnerability Report

Poisoned Pages: Critical Calibre Path Traversal Flaws Expose Readers to RCE

Do Son February 23, 2026 0

Calibre, the highly popular, cross-platform e-book manager utilized by readers worldwide to view, convert, edit, and catalog...

Read More Read more about Poisoned Pages: Critical Calibre Path Traversal Flaws Expose Readers to RCE

Triple Threat: Critical Gogs Flaws (CVSS 9.3) Allow RCE & 2FA Bypass

• Vulnerability Report

Triple Threat: Critical Gogs Flaws (CVSS 9.3) Allow RCE & 2FA Bypass

Do Son February 10, 2026 0

A triple threat of security vulnerabilities has been uncovered in Gogs, the popular self-hosted Git service known...

Read More Read more about Triple Threat: Critical Gogs Flaws (CVSS 9.3) Allow RCE & 2FA Bypass

CVE-2025-62878: Critical 10.0 Vulnerability Found in Kubernetes Local Path Provisioner

• Vulnerability Report

CVE-2025-62878: Critical 10.0 Vulnerability Found in Kubernetes Local Path Provisioner

Do Son February 9, 2026 0

A maximum-severity vulnerability has been uncovered in a core Kubernetes storage component, leaving nodes wide open to...

Read More Read more about CVE-2025-62878: Critical 10.0 Vulnerability Found in Kubernetes Local Path Provisioner

4 Million Downloads at Risk: Critical Unstructured Flaw (CVSS 9.8) Allows RCE

• Vulnerability Report

4 Million Downloads at Risk: Critical Unstructured Flaw (CVSS 9.8) Allows RCE

Do Son February 6, 2026 0

A critical vulnerability has been discovered in the unstructured library, a powerhouse tool used by developers to...

Read More Read more about 4 Million Downloads at Risk: Critical Unstructured Flaw (CVSS 9.8) Allows RCE

The “Zeroplayer” Arsenal: WinRAR Flaw CVE-2025-8088 Weaponized by Spies

• Cybercriminals
• Vulnerability Report

The “Zeroplayer” Arsenal: WinRAR Flaw CVE-2025-8088 Weaponized by Spies

Do Son January 29, 2026 0

A critical vulnerability in one of the world’s most popular file archivers has become a favorite weapon...

Read More Read more about The “Zeroplayer” Arsenal: WinRAR Flaw CVE-2025-8088 Weaponized by Spies

CVE-2025-68428: Critical Flaw in jsPDF Library Allows Server-Side File Theft

• Vulnerability Report

CVE-2025-68428: Critical Flaw in jsPDF Library Allows Server-Side File Theft

Do Son January 6, 2026 0

A critical vulnerability has been discovered in jsPDF, one of the most popular JavaScript libraries for generating...

Read More Read more about CVE-2025-68428: Critical Flaw in jsPDF Library Allows Server-Side File Theft

CVE-2025-66518: High-Severity Flaw in Apache Kyuubi Exposes Local Server Files

• Vulnerability Report

CVE-2025-66518: High-Severity Flaw in Apache Kyuubi Exposes Local Server Files

Do Son January 6, 2026 0

Apache Kyuubi, the distributed gateway designed to provide secure, serverless SQL access to massive data lakes, has...

Read More Read more about CVE-2025-66518: High-Severity Flaw in Apache Kyuubi Exposes Local Server Files