Total
7427 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7462 | 1 Intellinet-network | 2 Nfc-30ir, Nfc-30ir Firmware | 2025-04-20 | N/A |
| Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory. | ||||
| CVE-2017-9416 | 1 Odoo | 1 Odoo | 2025-04-20 | N/A |
| Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service. | ||||
| CVE-2016-8206 | 1 Brocade | 1 Network Advisor | 2025-04-20 | N/A |
| A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files. | ||||
| CVE-2016-6269 | 1 Trendmicro | 1 Smart Protection Server | 2025-04-20 | 9.1 Critical |
| Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php. | ||||
| CVE-2024-55602 | 1 Pwndoc Project | 1 Pwndoc | 2025-04-18 | 7.6 High |
| PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and download templates can inject path traversal (`../`) sequences into the file extension property to read arbitrary files on the system. Commit 1d4219c596f4f518798492e48386a20c6e9a2fe6 contains a patch for the issue. | ||||
| CVE-2024-4442 | 1 Salonbookingsystem | 1 Salon Booking System | 2025-04-18 | 9.1 Critical |
| The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. | ||||
| CVE-2022-29580 | 1 Google | 1 Google Search | 2025-04-18 | 8.9 High |
| There exists a path traversal vulnerability in the Android Google Search app. This is caused by the incorrect usage of uri.getLastPathSegment. A symbolic encoded string can bypass the path logic to get access to unintended directories. An attacker can manipulate paths that could lead to code execution on the device. We recommend upgrading beyond version 13.41 | ||||
| CVE-2022-40264 | 1 Iconics | 1 Genesis64 | 2025-04-18 | 6.3 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2 allows an unauthenticated attacker to create, tamper with or destroy arbitrary files by getting a legitimate user import a project package file crafted by the attacker. | ||||
| CVE-2022-34271 | 1 Apache | 1 Atlas | 2025-04-18 | 8.8 High |
| A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0. | ||||
| CVE-2025-27283 | 2025-04-17 | 6.5 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in rockgod100 Theme File Duplicator allows Path Traversal. This issue affects Theme File Duplicator: from n/a through 1.3. | ||||
| CVE-2025-27299 | 2025-04-17 | 5.3 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Asia MyTicket Events allows Path Traversal. This issue affects MyTicket Events: from n/a through 1.2.4. | ||||
| CVE-2025-39568 | 2025-04-17 | 7.5 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arture B.V. StoreContrl Woocommerce allows Path Traversal. This issue affects StoreContrl Woocommerce: from n/a through 4.1.3. | ||||
| CVE-2024-46987 | 1 Tuzitio | 1 Camaleon Cms | 2025-04-17 | 7.7 High |
| Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-20804 | 1 Samsung | 2 Android, Myfiles | 2025-04-17 | 4 Medium |
| Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file. | ||||
| CVE-2024-46986 | 1 Tuzitio | 1 Camaleon Cms | 2025-04-17 | 10 Critical |
| Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2022-46137 | 1 Aerocms Project | 1 Aerocms | 2025-04-17 | 7.5 High |
| AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1. | ||||
| CVE-2023-42232 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 7.5 High |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Navigator/Index function. | ||||
| CVE-2023-42229 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 6.5 Medium |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal. Arbitrary files can be created on the system via authenticated SOAP requests to the WSConnector service. | ||||
| CVE-2023-42227 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 7.5 High |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the WSCView/Save function. | ||||
| CVE-2023-42226 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 7.5 High |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via Email/SaveAttachment function. | ||||