Total: 7635 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-55457 | | | 2025-02-20 | 6.5 Medium |
MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama/adama/downloadService. An attacker can exploit this vulnerability by manipulating the file parameter to access arbitrary files on the server, potentially exposing sensitive information. | ||||
CVE-2024-34521 | | | 2025-02-20 | 3.5 Low |
A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an administrative user to access system files with the file permissions of the privileged system user running the application. | ||||
CVE-2022-41840 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | 7.5 High |
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress. | ||||
CVE-2022-45833 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2025-02-20 | 6.8 Medium |
Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. | ||||
CVE-2022-45829 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2025-02-20 | 8.7 High |
Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 at WordPress. | ||||
CVE-2023-6120 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | 4.1 Medium |
The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server. | ||||
CVE-2022-32199 | 1 Scriptcase | 1 Scriptcase | 2025-02-19 | 6.5 Medium |
db_convert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter. | ||||
CVE-2018-25048 | 1 Codesys | 15 Control For Beaglebone, Control For Empc-a/imx6, Control For Iot2000 and 12 more | 2025-02-19 | 8.8 High |
The CODESYS runtime system in multiple versions allows a remote low-privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device. | ||||
CVE-2023-1177 | 1 Lfprojects | 1 Mlflow | 2025-02-19 | 9.3 Critical |
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. | ||||
CVE-2025-0572 | 1 Santesoft | 1 Sante Pacs Server | 2025-02-19 | 4.3 Medium |
Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to write files in the context of the current user. Was ZDI-CAN-25308. | ||||
CVE-2025-0573 | 1 Santesoft | 1 Sante Pacs Server | 2025-02-19 | 5.3 Medium |
Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to write files in the context of the current user. Was ZDI-CAN-25309. | ||||
CVE-2025-24965 | | | 2025-02-19 | 8.7 High |
crun is an open source OCI Container Runtime fully written in C. In affected versions, a malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current user to write to the target file. The problem is fixed in crun 1.20 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2023-0467 | 1 Wppool | 1 Wp Dark Mode | 2025-02-19 | 4.3 Medium |
The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing arbitrary directory creation. | ||||
CVE-2022-48361 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-19 | 5.3 Medium |
The Always On Display (AOD) has a path traversal vulnerability in theme files. Successful exploitation of this vulnerability may cause a failure in reading AOD theme resources. | ||||
CVE-2023-27700 | 1 Muyucms Project | 1 Muyucms | 2025-02-18 | 8.1 High |
MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /accessory/picdel.html. | ||||
CVE-2025-22663 | | | 2025-02-18 | 8.6 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper Paid Videochat Turnkey Site allows Path Traversal. This issue affects Paid Videochat Turnkey Site: from n/a through 7.2.12. | ||||
CVE-2022-36982 | 1 Ivanti | 1 Avalanche | 2025-02-18 | 7.5 High |
This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AgentTaskHandler class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored session cookies, leading to further compromise. Was ZDI-CAN-15967. | ||||
CVE-2022-36981 | 1 Ivanti | 1 Avalanche | 2025-02-18 | 9.8 Critical |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DeviceLogResource class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15966. | ||||
CVE-2025-1357 | | | 2025-02-18 | 4.3 Medium |
A vulnerability classified as problematic has been found in Seventh D-Guard up to 20250206. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2025-26779 | | | 2025-02-18 | 4.9 Medium |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fahad Mahmood Keep Backup Daily allows Path Traversal. This issue affects Keep Backup Daily: from n/a through 2.1.0. |