Path Traversal Archives • Page 3 of 4 • Daily CyberSecurity

CVE-2025-68428: Critical Flaw in jsPDF Library Allows Server-Side File Theft

Do Son January 6, 2026

A critical vulnerability has been discovered in jsPDF, one of the most popular JavaScript libraries for generating...

CVE-2025-66518: High-Severity Flaw in Apache Kyuubi Exposes Local Server Files Apache Kyuubi, CVE-2025-66518

CVE-2025-66518: High-Severity Flaw in Apache Kyuubi Exposes Local Server Files

Do Son January 6, 2026

Apache Kyuubi, the distributed gateway designed to provide secure, serverless SQL access to massive data lakes, has...

CVE-2026-21440: New AdonisJS 9.2 Critical Flaw Allows Arbitrary File Writes and RCE AdonisJS RCE, CVE-2026-21440

CVE-2026-21440: New AdonisJS 9.2 Critical Flaw Allows Arbitrary File Writes and RCE

Do Son January 5, 2026

A critical security vulnerability has been discovered in AdonisJS, a popular full-stack Node.js web framework known for...

QNAP Patches High-Severity SQL Injection and Path Traversal Flaws QNAP Security Patches, NAS Vulnerabilities ASP.NET, QNAP CVE-2023-39296 PoC - CVE-2024-50394

QNAP Security Patches, NAS Vulnerabilities ASP.NET, QNAP CVE-2023-39296 PoC - CVE-2024-50394

QNAP Patches High-Severity SQL Injection and Path Traversal Flaws

Do Son January 5, 2026

Network-attached storage giant QNAP has issued a sweeping set of security advisories, patching critical vulnerabilities that could...

Critical Wget2 Flaws Expose Users to Arbitrary File Overwrites and Memory Crashes GNU Wget2, Path Traversal

Critical Wget2 Flaws Expose Users to Arbitrary File Overwrites and Memory Crashes

Do Son January 2, 2026

GNU Wget2, the modern successor to the ubiquitous command-line download tool, has been hit with a double...

Gogs Zero-Day (CVE-2025-8110) Risks RCE for 700+ Servers via Symlink Path Traversal Bypass Gogs Zero-Day RCE, Symlink Path Traversal

Gogs Zero-Day (CVE-2025-8110) Risks RCE for 700+ Servers via Symlink Path Traversal Bypass

Do Son December 11, 2025

A routine malware investigation has spiraled into the discovery of a widespread “smash-and-grab” campaign targeting the developer...

SonicWall Patches Two Vulnerabilities in Email Security Appliances, Including Code Execution Flaw (CVE-2025-40604) SonicWall ES RCE, Code Integrity Bypass SonicWall SMA, Arbitrary File Upload SonicWall SMA100 - CVE-2024-40764

SonicWall ES RCE, Code Integrity Bypass SonicWall SMA, Arbitrary File Upload SonicWall SMA100 - CVE-2024-40764

SonicWall Patches Two Vulnerabilities in Email Security Appliances, Including Code Execution Flaw (CVE-2025-40604)

Do Son November 22, 2025

SonicWall has released security updates addressing two vulnerabilities in its Email Security appliances, including one that could...

Docker Compose Path Traversal (CVE-2025-62725) Allows Arbitrary File Overwrite via OCI Artifacts CVE-2024-41110 Docker Compose Path Traversal, OCI Artifacts

CVE-2024-41110 Docker Compose Path Traversal, OCI Artifacts

Docker Compose Path Traversal (CVE-2025-62725) Allows Arbitrary File Overwrite via OCI Artifacts

Do Son October 29, 2025

The Docker Compose project has disclosed a high-severity path traversal vulnerability tracked as CVE-2025-62725 (CVSS v4 8.9),...

Jira Path Traversal Flaw (CVE-2025-22167) Allows Arbitrary File Write on Server/Data Center CVE-2023-22522 Jira Path Traversal, CVE-2025-22167

Jira Path Traversal Flaw (CVE-2025-22167) Allows Arbitrary File Write on Server/Data Center

Do Son October 23, 2025

Atlassian has released patches addressing a high-severity Path Traversal vulnerability (CVE-2025-22167) affecting Jira Software Data Center and...

GreyNoise Detects Coordinated Surge Exploiting Grafana Path Traversal Flaw (CVE-2021-43798) Grafana Exploitation, Coordinated Scanning Arcserve UDP Vulnerabilities

Grafana Exploitation, Coordinated Scanning Arcserve UDP Vulnerabilities

GreyNoise Detects Coordinated Surge Exploiting Grafana Path Traversal Flaw (CVE-2021-43798)

Do Son October 3, 2025

Recently, GreyNoise observed a sudden and highly coordinated wave of exploitation attempts targeting CVE-2021-43798, a Grafana path...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CISA Warns of Critical Flaw in Delta DIALink: CVE-2025-58321 (CVSS 10.0)

Do Son September 19, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new security advisory warning about two serious...

PoC Exploit Released for Nagios XI RCE Flaw Allows Attackers to Hijack Servers Nagios XI, remote code execution

PoC Exploit Released for Nagios XI RCE Flaw Allows Attackers to Hijack Servers

Do Son September 1, 2025

Nagios XI, one of the most widely used IT infrastructure monitoring solutions, has been found vulnerable to...

QNAP Patches Critical Flaw (CVE-2025-52856) with CVSS 9.3 QNAP Vulnerabilities CVE-2025-52856

QNAP Patches Critical Flaw (CVE-2025-52856) with CVSS 9.3

Do Son August 29, 2025

QNAP has released a security advisory addressing multiple vulnerabilities affecting the QVR firmware on legacy VioStor NVR...

WinRAR Update: Zero-Day Path Traversal Flaw (CVE-2025-8088) Actively Exploited to Deliver Malware WinRAR Zero-Day, Path Traversal CVE-2025-8088

WinRAR Update: Zero-Day Path Traversal Flaw (CVE-2025-8088) Actively Exploited to Deliver Malware

Do Son August 11, 2025

Security researchers at ESET have uncovered a zero-day path traversal vulnerability in the Windows version of WinRAR...

18 Serious Flaws (CVSS up to 9.8) Expose Samsung MagicINFO 9 Servers to Full Compromise Samsung MagicINFO, Digital Signage Vulnerabilities

18 Serious Flaws (CVSS up to 9.8) Expose Samsung MagicINFO 9 Servers to Full Compromise

Do Son July 24, 2025

Samsung’s widely used MagicINFO 9 Server, a digital signage management platform, was found multi security vulnerabilities. Security...

High-Severity Node.js Flaws Expose Windows Apps to Path Traversal (CVE-2025-27210) & HashDoS (CVE-2025-27209) Attacks CVE-2022-32212 Node.js Vulnerabilities, Path Traversal

CVE-2022-32212 Node.js Vulnerabilities, Path Traversal

High-Severity Node.js Flaws Expose Windows Apps to Path Traversal (CVE-2025-27210) & HashDoS (CVE-2025-27209) Attacks

Do Son July 16, 2025

The OpenJS Foundation has released important updates to Node.js 24.x, 22.x, and 20.x release lines, addressing two...

Critical Flaws Found in Siemens SINEC NMS: Privilege Escalation and Remote Code Execution Risks Siemens SIVaaS CVE-2025-40804 CVE-2022-43400 & CVE-2024-41798 Siemens SINEC NMS, Critical Vulnerabilities

Siemens SIVaaS CVE-2025-40804 CVE-2022-43400 & CVE-2024-41798 Siemens SINEC NMS, Critical Vulnerabilities

Critical Flaws Found in Siemens SINEC NMS: Privilege Escalation and Remote Code Execution Risks

Do Son July 9, 2025

iemens has released a critical security advisory detailing multiple high-severity vulnerabilities affecting SINEC NMS, its flagship network...

Anthropic MCP Server Flaws: Path Traversal & Symlink Attacks Allow RCE Anthropic MCP, RCE Vulnerability

Anthropic MCP Server Flaws: Path Traversal & Symlink Attacks Allow RCE

Do Son July 4, 2025

Cymulate Research Labs has revealed Anthropic’s Filesystem MCP Server vulnerabilities. Two newly disclosed flaws—CVE-2025-53110 and CVE-2025-53109—exposes systems...

CISA Alerts on Critical Vulnerabilities in MICROSENS NMP Web+: Attackers Could Gain Full System Access MICROSENS NMP Web+, Critical Vulnerabilities