Path-Traversal
SEPPmail Secure Email Gateway: Seven Flaws Including CVSS 10.0 Path Traversal to RCE
InfoGuard Labs discloses seven vulnerabilities in SEPPmail Secure E-Mail Gateway, including a CVSS 10.0 path-traversal-to-RCE bug and an unauthenticated Perl eval injection — full appliance takeover and mail-traffic interception.
CrowdStrike LogScale CVE-2026-40050: Unauthenticated Path Traversal Reads Arbitrary Server Files
A critical 9.8 CVSS path traversal in CrowdStrike's LogScale lets unauthenticated attackers read arbitrary files from self-hosted clusters. Patch to 1.235.1, 1.234.1, 1.233.1, or 1.228.2 LTS.
CrowdStrike LogScale CVE-2026-40050: Unauthenticated Path Traversal Reads Arbitrary Files (CVSS 9.8)
A critical unauthenticated path-traversal flaw (CVSS 9.8) in CrowdStrike LogScale Self-Hosted lets remote attackers read arbitrary server files via an exposed cluster API endpoint. SaaS already mitigated; on-prem operators must patch immediately.
Ubiquiti UniFi Network Application Hit With CVSS 10 Path Traversal — Unauthenticated Account Takeover Possible
CVE-2026-22557 is a maximum-severity path traversal in Ubiquiti UniFi Network Application that enables unauthenticated full account takeover. Chain it with CVE-2026-22558 for admin escalation. Patch to 10.1.89 immediately.