Report: CVE-2026-34414 - Xerte Online Toolkits Path Traversal via connector.php
CVE ID: CVE-2026-34414

Published: April 22, 2026, 6:32 p.m.

Description: Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in rename commands is not sanitized for path traversal sequences. Attackers can supply a name value containing directory traversal sequences to move files from project media directories to arbitrary locations on the filesystem, potentially overwriting application files, achieving stored cross-site scripting, or combining with other vulnerabilities to achieve unauthenticated remote code execution by moving PHP code files to the application root.

Severity: 7.1 | HIGH
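
A log check for the behaviour described above, added here as an example and not taken from Xerte or elFinder code: it flags rename requests to the connector whose name value is anything other than a bare file name. It assumes elFinder's `cmd=rename` request parameter and that parameters appear in the logged request line; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint named in the advisory.
CONNECTOR = "/editor/elfinder/php/connector.php"
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %252e%252e) before inspection."""
    for _ in range(max_rounds):
        value = unquote(value)
    return value

def is_traversal_name(name):
    """A rename target should be a bare file name: no separators, no dot segments."""
    name = fully_decode(name)
    return "/" in name or "\\" in name or "\x00" in name or name in (".", "..")

def suspicious_renames(log_lines):
    """Return (line_number, decoded_name) for renames whose name leaves its directory."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith(CONNECTOR):
            continue
        # Assumption: the command is carried in the "cmd" query parameter.
        params = parse_qs(url.query, keep_blank_values=True)
        if "rename" not in params.get("cmd", []):
            continue
        for name in params.get("name", []):
            if is_traversal_name(name):
                hits.append((number, fully_decode(name)))
    return hits

# Constructed sample log lines (not from a real system).
SAMPLE_LOG = [
    '198.51.100.7 - - [22/Apr/2026:18:40:01 +0000] "GET /editor/elfinder/php/connector.php?cmd=rename&target=l1_aW1n&name=photo2.png HTTP/1.1" 200 512',
    '198.51.100.7 - - [22/Apr/2026:18:40:09 +0000] "GET /editor/elfinder/php/connector.php?cmd=rename&target=l1_aW1n&name=..%2F..%2Fnote.txt HTTP/1.1" 200 498',
    '198.51.100.7 - - [22/Apr/2026:18:40:15 +0000] "GET /editor/elfinder/php/connector.php?cmd=rename&target=l1_aW1n&name=%252e%252e%255cnote.txt HTTP/1.1" 200 498',
    '203.0.113.4 - - [22/Apr/2026:18:41:00 +0000] "GET /editor/elfinder/php/connector.php?cmd=open&target=l1_Lw HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, name in suspicious_renames(SAMPLE_LOG):
        print(f"line {number}: rename to {name!r}")
```

Requests sent as POST carry the parameters in the body, so this check only sees them if the log source records request bodies.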