Tag

#Path Traversal

newsCRITICAL 9.6

Critical Path Traversal Vulnerability in JetBrains IntelliJ IDEA

A critical vulnerability (CVE-2026-59792) with a CVSS score of 9.6 was discovered in JetBrains IntelliJ IDEA, allowing for code execution via path traversal in project workspace ID handling. Users of IntelliJ IDEA versions before 2026.1.4 and 2026.2 are affected. Immediate action is required to update to a patched version.

1 source
blogHIGH 8.4

Understanding and Defending Against CVE-2026-58302: A LinuxCNC Privilege Escalation Vulnerability

CVE-2026-58302 is a privilege escalation vulnerability in LinuxCNC before version 2.9.9, allowing unprivileged local users to escalate privileges to root. This vulnerability is caused by insufficient validation of user-supplied module names, leading to path traversal and arbitrary shared library loading. The vulnerability has a CVSS score of 8.4, indicating high severity.

1 source
newsHIGH 8.8

CVE-2026-40521: Path Traversal Vulnerability in FrontAccounting

A path traversal vulnerability in FrontAccounting before 2.4.20 allows authenticated attackers to execute arbitrary code by uploading files with traversal sequences. This vulnerability has a CVSS score of 8.8 and is considered high severity.

1 source
articleHIGH 8.8

Critical Vulnerability in Jenkins External Workspace Manager Plugin Allows Remote Code Execution

A critical vulnerability, CVE-2026-57296, with a CVSS score of 8.8, was discovered in the Jenkins External Workspace Manager Plugin. This vulnerability allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, potentially leading to remote code execution. The plugin versions 1.3.2 and earlier are affected. Organizations using this plugin are urged to update to the latest version to mitigate this vulnerability.

1 source
newsHIGH 7.7

CVE-2026-42129: Grafana Loki Datasource Plugin Path Traversal Vulnerability

A path traversal vulnerability in the Grafana Loki datasource plugin allows an authenticated Viewer-role user to access administrative Loki endpoints and extract sensitive backend configuration and internal service information. This vulnerability has a CVSS score of 7.7 and is considered HIGH severity. Affected users should update Grafana OSS to a patched version.

1 source