ZCyberNews

#path-traversal

9 articles

From 9 articles published between April 22 and May 18, 2026, ZCyberNews coverage of path-traversal vulnerabilities highlights critical risks across government, technology, and consumer IoT sectors. The most severe CVEs include CVE-2026-40050 (CVSS 9.8), CVE-2026-45230 (CVSS 9.1), CVE-2024-1708 (CVSS 8.4), CVE-2026-6282 (CVSS 8.1), and CVE-2026-7819 (CVSS 8.1). The reporting spans global regions, with a focus on North America and the United States, and features a severity mix of three critical and six high-severity vulnerabilities.

CRITICAL
Vulnerabilities

CVE-2026-45230: Unauthenticated Path Traversal in DumbAssets Lets

CVE-2026-45230 (CVSS 9.1) in DumbAssets through 1.0.11 lets unauthenticated attackers delete arbitrary files via path traversal in the POST /api/delete-file endpoint.

HIGH
Vulnerabilities

CVE-2024-57728: SimpleHelp Path Traversal Lets Admins Upload

CISA adds CVE-2024-57728 to Known Exploited Vulnerabilities: SimpleHelp path traversal via zip slip allows admin users to upload arbitrary files and execute code. Due May 8, 2026.

HIGH
Vulnerabilities

CVE-2025-2749: Kentico Xperience Path Traversal Under Active Exploit

CISA adds CVE-2025-2749 to KEV catalog: Kentico Xperience path traversal lets authenticated Staging Sync Server upload arbitrary files. Due date for federal agencies: May 4, 2026.

HIGH
Vulnerabilities

HACS Path Traversal CVE-2021-47942 Lets Attackers Steal Home

CVE-2021-47942 (CVSS 7.5) in Home Assistant Community Store 1.10.0 lets unauthenticated attackers read .storage/auth files via /hacsfiles/ traversal, forge JWT tokens, and gain...

HIGH
Vulnerabilities

Lenovo Personal Cloud Storage Flaw CVE-2026-6282 Enables Lateral File

CVE-2026-6282 (CVSS 8.1) in Lenovo Personal Cloud Storage lets authenticated users move or access other users' files via improper path validation. No patch yet.

CRITICAL
Vulnerabilities

Casdoor LFS Flaw CVE-2026-6815 Lets Admins Write Files Anywhere

CVE-2026-6815 in Casdoor's Local File System storage provider lets authenticated admins traverse paths to write arbitrary files outside the sandbox. No patch yet.

HIGH
Vulnerabilities

pgAdmin 4 File Manager Flaw CVE-2026-7819 Lets Authenticated Users

CVE-2026-7819 (CVSS 8.1) in pgAdmin 4's File Manager lets authenticated users write files outside their storage directory via symlink path traversal. No patch yet.

HIGH
Vulnerabilities

CISA Adds Actively Exploited ConnectWise, Windows Flaws to KEV

CISA added CVE-2024-1708 (ConnectWise ScreenConnect path traversal, CVSS 8.4) and an unnamed Windows flaw to its KEV catalog based on confirmed active exploitation.

CRITICAL
Vulnerabilities

CrowdStrike LogScale Vulnerability CVE-2026-40050 Lets Attackers Read

CrowdStrike warns of critical unauthenticated path-traversal flaw (CVE-2026-40050, CVSS 9.8) in LogScale cluster API endpoint allowing remote file reads from server filesystem.

