Total
7211 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-35920 | 1 Sanic Project | 1 Sanic | 2025-04-22 | 8.3 High |
| Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue. | ||||
| CVE-2022-36007 | 1 Venice Project | 1 Venice | 2025-04-22 | 6.1 Medium |
| Venice is a Clojure inspired sandboxed Lisp dialect with excellent Java interoperability. A partial path traversal issue exists within the functions `load-file` and `load-resource`. These functions can be limited to load files from a list of load paths. Assuming Venice has been configured with the load paths: `[ "/Users/foo/resources" ]` When passing **relative** paths to these two vulnerable functions everything is fine: `(load-resource "test.png")` => loads the file "/Users/foo/resources/test.png" `(load-resource "../resources-alt/test.png")` => rejected, outside the load path When passing **absolute** paths to these two vulnerable functions Venice may return files outside the configured load paths: `(load-resource "/Users/foo/resources/test.png")` => loads the file "/Users/foo/resources/test.png" `(load-resource "/Users/foo/resources-alt/test.png")` => loads the file "/Users/foo/resources-alt/test.png" !!! The latter call suffers from the _Partial Path Traversal_ vulnerability. This issue’s scope is limited to absolute paths whose name prefix matches a load path. E.g. for a load-path `"/Users/foo/resources"`, the actor can cause loading a resource also from `"/Users/foo/resources-alt"`, but not from `"/Users/foo/images"`. Versions of Venice before and including v1.10.17 are affected by this issue. Upgrade to Venice >= 1.10.18, if you are on a version < 1.10.18. There are currently no known workarounds. | ||||
| CVE-2022-39215 | 1 Tauri | 1 Tauri | 2025-04-22 | 8.3 High |
| Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`. | ||||
| CVE-2022-39345 | 1 Gin-vue-admin Project | 1 Gin-vue-admin | 2025-04-22 | 9.8 Critical |
| Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin prior to 2.5.4 is vulnerable to path traversal, which leads to file upload vulnerabilities. Version 2.5.4 contains a patch for this issue. There are no workarounds aside from upgrading to a patched version. | ||||
| CVE-2022-39367 | 1 Qtiworks Project | 1 Qtiworks | 2025-04-22 | 8.6 High |
| QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files into other locations in the filesystem if they are writable by the process running the QTIWorks Engine. In extreme cases, this could allow anonymous users to change files in arbitrary locations in the filesystem. In normal QTIWorks Engine deployments, the impact is somewhat reduced because the default QTIWorks configuration does not enable the public demo functionality, so ZIP files can only be uploaded by users with "instructor" privileges. This vulnerability is fixed in version 1.0-beta15. There are no database configuration changes required when upgrading to this version. No known workarounds for this issue exist. | ||||
| CVE-2022-46256 | 1 Github | 1 Enterprise Server | 2025-04-22 | 8.8 High |
| A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5 and 3.7.2. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2022-46255 | 1 Github | 1 Enterprise Server | 2025-04-22 | 9.8 Critical |
| An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite bug. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2022-31703 | 1 Vmware | 1 Vrealize Log Insight | 2025-04-22 | 7.5 High |
| The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | ||||
| CVE-2022-41920 | 1 Lancet Project | 1 Lancet | 2025-04-22 | 6.3 Medium |
| Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2024-7080 | 1 Munyweki | 1 Insurance Management System | 2025-04-22 | 5.3 Medium |
| A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /E-Insurance/. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272365 was assigned to this vulnerability. | ||||
| CVE-2024-0763 | 1 Mintplexlabs | 1 Anythingllm | 2025-04-22 | 8.1 High |
| Any user can delete an arbitrary folder (recursively) on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization. | ||||
| CVE-2022-20449 | 1 Google | 1 Android | 2025-04-22 | 4.4 Medium |
| In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239701237 | ||||
| CVE-2024-41373 | 1 Icecoder | 1 Icecoder | 2025-04-22 | 6.3 Medium |
| ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-preview-loader.php. | ||||
| CVE-2025-32779 | 2025-04-22 | 6.5 Medium | ||
| E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. In versions before 5.5.0, an attacker with access to the `/backup/import` API endpoint can write arbitrary files to locations outside the intended extraction directory due to a Zip Slip vulnerability. Although the application runs as a non-root user (`185`), limiting direct impact on system-level files, this vulnerability can still be exploited to overwrite application files (e.g., JAR libraries) owned by the application user. This overwrite can potentially lead to Remote Code Execution (RCE) within the application's context. This issue has been patched in version 5.5.0. | ||||
| CVE-2023-42961 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-21 | 6.3 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. A sandboxed process may be able to circumvent sandbox restrictions. | ||||
| CVE-2022-23512 | 1 Metersphere | 1 Metersphere | 2025-04-21 | 7.7 High |
| MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value (testId) in new File(BODY_FILE_DIR + "/" + testId), being deleted later by file.delete(). By adding some camouflage parameters to the url, an attacker can target files on the server. The vulnerability has been fixed in v2.4.1. | ||||
| CVE-2025-22927 | 2025-04-21 | 9.1 Critical | ||
| An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename. | ||||
| CVE-2022-45969 | 1 Alist Project | 1 Alist | 2025-04-21 | 9.8 Critical |
| Alist v3.4.0 is vulnerable to Directory Traversal, | ||||
| CVE-2024-43011 | 1 Zzcms | 1 Zzcms | 2025-04-21 | 4.9 Medium |
| An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Due to insufficient validation and sanitization of user input for file paths, an attacker can exploit this vulnerability by using directory traversal techniques to delete arbitrary files on the server. This can lead to the deletion of critical files, potentially disrupting the normal operation of the system. | ||||
| CVE-2025-3520 | 2025-04-21 | 8.1 High | ||
| The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 0.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||