Total
7429 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25895 | 1 Lite-dev-server Project | 1 Lite-dev-server | 2025-04-16 | 7.5 High |
| All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code. | ||||
| CVE-2024-33869 | 2 Artifex, Redhat | 3 Ghostscript, Enterprise Linux, Rhel Eus | 2025-04-16 | 5.3 Medium |
| An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename. | ||||
| CVE-2024-33870 | 2 Artifex, Redhat | 3 Ghostscript, Enterprise Linux, Rhel Eus | 2025-04-16 | 6.3 Medium |
| An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted. | ||||
| CVE-2024-46375 | 2 Best House Rental Management System, Mayurik | 2 Best House Rental Management System, Best House Rental Management System | 2025-04-16 | 9.8 Critical |
| Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the signup() function of the file rental/admin_class.php. | ||||
| CVE-2024-46376 | 2 Best House Rental Management System, Mayurik | 2 Best House Rental Management System, Best House Rental Management System | 2025-04-16 | 9.8 Critical |
| Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the update_account() function of the file rental/admin_class.php. | ||||
| CVE-2024-33350 | 2 Taocms, Taogogo | 2 Taocms, Taocms | 2025-04-16 | 9.8 Critical |
| Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component. | ||||
| CVE-2022-36221 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2025-04-16 | 6.5 Medium |
| Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system. | ||||
| CVE-2022-25931 | 1 Easy-static-server Project | 1 Easy-static-server | 2025-04-16 | 7.5 High |
| All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code. | ||||
| CVE-2020-14523 | 1 Mitsubishielectric | 27 Cw Configurator, Fr Configurator2, Gx Works2 and 24 more | 2025-04-16 | 8.3 High |
| Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code. | ||||
| CVE-2020-25176 | 3 Rockwellautomation, Schneider-electric, Xylem | 31 Aadvance Controller, Isagraf Free Runtime, Isagraf Runtime and 28 more | 2025-04-16 | 9.1 Critical |
| Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution. | ||||
| CVE-2021-27471 | 1 Rockwellautomation | 1 Connected Components Workbench | 2025-04-16 | 7.7 High |
| The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the Connected Components Workbench software. User interaction is required for this exploit to be successful. | ||||
| CVE-2021-32981 | 1 Aveva | 1 System Platform | 2025-04-16 | 7.2 High |
| AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. | ||||
| CVE-2022-2120 | 1 Offis | 1 Dcmtk | 2025-04-16 | 7.5 High |
| OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution. | ||||
| CVE-2022-2119 | 1 Offis | 1 Dcmtk | 2025-04-16 | 7.5 High |
| OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution. | ||||
| CVE-2022-1373 | 1 Softing | 6 Edgeaggregator, Edgeconnector, Opc and 3 more | 2025-04-16 | 7.2 High |
| The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk. | ||||
| CVE-2022-2464 | 1 Rockwellautomation | 1 Isagraf Workbench | 2025-04-16 | 7.7 High |
| Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful. | ||||
| CVE-2022-25249 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2025-04-16 | 7.5 High |
| When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server.. | ||||
| CVE-2021-27473 | 1 Rockwellautomation | 1 Connected Components Workbench | 2025-04-16 | 6.1 Medium |
| Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive file that, when opened by Connected Components Workbench, will allow the attacker to gain the privileges of the software. If the software is running at SYSTEM level, the attacker will gain admin level privileges. User interaction is required for this exploit to be successful. | ||||
| CVE-2022-25347 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system. | ||||
| CVE-2021-32949 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2025-04-16 | 7.5 High |
| An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an existing file with a malicious file. | ||||