Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-10075

Summary
Assigner-twcert
Assigner Org ID-cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e
Published At-29 May, 2026 | 12:53
Updated At-29 May, 2026 | 12:53
Rejected At-
Credits

Interinfo|DreamMaker - Path Traversal

DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:twcert
Assigner Org ID:cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e
Published At:29 May, 2026 | 12:53
Updated At:29 May, 2026 | 12:53
Rejected At:
▼CVE Numbering Authority (CNA)
Interinfo|DreamMaker - Path Traversal

DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability.

Affected Products
Vendor
Interinfo
Product
DreamMaker
Default Status
unaffected
Versions
Affected
  • From 0 through Java Composer 2.2 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-36CWE-36 Absolute path traversal
Type: CWE
CWE ID: CWE-36
Description: CWE-36 Absolute path traversal
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-597CAPEC-597 Absolute Path Traversal
CAPEC ID: CAPEC-597
Description: CAPEC-597 Absolute Path Traversal
Solutions

Update to version Java Composer 2.3 or later

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.twcert.org.tw/tw/cp-132-10943-8fb00-1.html
third-party-advisory
https://www.twcert.org.tw/en/cp-139-10946-1127f-2.html
third-party-advisory
Hyperlink: https://www.twcert.org.tw/tw/cp-132-10943-8fb00-1.html
Resource:
third-party-advisory
Hyperlink: https://www.twcert.org.tw/en/cp-139-10946-1127f-2.html
Resource:
third-party-advisory
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:twcert@cert.org.tw
Published At:29 May, 2026 | 14:16
Updated At:29 May, 2026 | 15:11

DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-36Primarytwcert@cert.org.tw
CWE ID: CWE-36
Type: Primary
Source: twcert@cert.org.tw
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.twcert.org.tw/en/cp-139-10946-1127f-2.htmltwcert@cert.org.tw
N/A
https://www.twcert.org.tw/tw/cp-132-10943-8fb00-1.htmltwcert@cert.org.tw
N/A
Hyperlink: https://www.twcert.org.tw/en/cp-139-10946-1127f-2.html
Source: twcert@cert.org.tw
Resource: N/A
Hyperlink: https://www.twcert.org.tw/tw/cp-132-10943-8fb00-1.html
Source: twcert@cert.org.tw
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2024-11978
Matching Score-6
Assigner-TWCERT/CC
ShareView Details
Matching Score-6
Assigner-TWCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.14% / 33.80%
||
7 Day CHG~0.00%
Published-29 Nov, 2024 | 02:03
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Interinfo DreamMaker - Arbitrary File Reading through Path Traversal

DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.

Action-Not Available
Vendor-Interinfointerinfo
Product-DreamMakerdreammaker
CWE ID-CWE-36
Absolute Path Traversal
CVE-2026-7217
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 18.08%
||
7 Day CHG~0.00%
Published-28 Apr, 2026 | 02:30
Updated-28 Apr, 2026 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deepractice PromptX Document File index.ts read_pdf absolute path traversal

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads to absolute path traversal. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-Deepractice
Product-PromptX
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-36
Absolute Path Traversal
CVE-2024-1703
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.28% / 51.14%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 17:00
Updated-03 Jan, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZhongBangKeJi CRMEB openfile absolute path traversal

A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation leads to absolute path traversal. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-crmebZhongBangKeJicrmeb
Product-crmebCRMEBcrmeb
CWE ID-CWE-36
Absolute Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-5390
Matching Score-4
Assigner-Honeywell International Inc.
ShareView Details
Matching Score-4
Assigner-Honeywell International Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.85%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 17:46
Updated-29 May, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.

Action-Not Available
Vendor-Honeywell International Inc.
Product-controledge_unit_operations_controller_firmwarecontroledge_virtual_unit_operations_controllercontroledge_unit_operations_controllercontroledge_virtual_unit_operations_controller_firmwareControlEdge UOC
CWE ID-CWE-36
Absolute Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-1020
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 8.18%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 02:57
Updated-23 Jan, 2026 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gotac|Police Statistics Database System - Absolute Path Traversal

Police Statistics Database System developed by Gotac has a Absolute Path Traversal vulnerability, allowing unauthenticated remote attackers to enumerate the system file directory.

Action-Not Available
Vendor-gotacGotac
Product-police_statistics_database_systemPolice Statistics Database System
CWE ID-CWE-36
Absolute Path Traversal
CVE-2025-14848
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 17.31%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 20:34
Updated-31 Dec, 2025 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Advantech WebAccess/SCADA Absolute Path Traversal

Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files.

Action-Not Available
Vendor-Advantech (Advantech Co., Ltd.)
Product-webaccess\/scadaWebAccess/SCADA
CWE ID-CWE-36
Absolute Path Traversal
CVE-2024-6097
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.62%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 17:37
Updated-24 Feb, 2025 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Absolute Path Traversal Vulnerability

In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability.

Action-Not Available
Vendor-Progress Software Corporation
Product-telerik_reportingProgress® Telerik® Reporting
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-36
Absolute Path Traversal
Details not found