CVE-2026-34414 - Xerte Online Toolkits Path Traversal via connector.php
CVE ID :CVE-2026-34414 Published : April 22, 2026, 7:17 p.m. | 23 minutes ago Description :Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in rename
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] CVE-2026-41168 - pypdf has possible long runtimes for wrong size values in cross-reference and object streams
- [CYBER] CVE-2026-41167 - Jellystat has SQL Injection that leads to to Remote Code Execution
- [CYBER] CVE-2026-41166 - OpenRemote has Improper Access Control via updateUserRealmRoles function
- [CYBER] CVE-2026-41134 - Kiota: Code Generation Literal Injection
- [CYBER] CVE-2026-40937 - RustFS missing admin authorization on notification target endpoints, which allows unauthenticated configuration of event webhooks
- [CYBER] CVE-2026-40882 - OpenRemote has XXE in Velbus Asset Import