A path traversal vulnerability in DreamMaker, developed by Interinfo, allows unauthenticated remote attackers to read file names under arbitrary paths via absolute path traversal. The vulnerability is classified as CWE-36 (Absolute Path Traversal) and carries a CVSS 4.0 score of 6.9 (Medium severity). The issue was disclosed on May 29, 2026, with advisory sources from Taiwan's TW-CERT. No known exploitati [truncated]
## Summary CVE-2026-10074 documents an Arbitrary File Read vulnerability in DreamMaker, a product developed by Interinfo. The vulnerability stems from Relative Path Traversal (CWE-23) and can be exploited by privileged local attackers to download arbitrary system files. The vulnerability was published to the CVE List on 2026-05-29 and carries a CVSS 4.0 base score of 6.9 (MEDIUM severity). The NVD entry c [truncated]
DreamMaker, a software product developed by Interinfo, contains an Arbitrary File Read vulnerability that enables unauthenticated local attackers to exploit Relative Path Traversal (CWE-23) and download arbitrary system files. The vulnerability carries a HIGH severity CVSS score of 8.7. The CVE record was published on May 29, 2026, with a subsequent modification later the same day. The vulnerability is cu [truncated]
## Summary CVE-2026-10072 documents an arbitrary file upload vulnerability in DreamMaker, a product developed by Interinfo. The flaw allows privileged remote attackers to upload and execute web shell backdoors, resulting in arbitrary code execution on the affected server. The vulnerability is classified as HIGH severity with a CVSS 4.0 score of 8.6. The issue was published to the NVD on 2026-05-29 and car [truncated]
