Total: 7434 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-2119 | 1 Offis | 1 Dcmtk | 2025-04-16 | 7.5 High |
OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution. | ||||
CVE-2022-1373 | 1 Softing | 6 Edgeaggregator, Edgeconnector, Opc and 3 more | 2025-04-16 | 7.2 High |
The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk. | ||||
CVE-2022-2464 | 1 Rockwellautomation | 1 Isagraf Workbench | 2025-04-16 | 7.7 High |
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful. | ||||
CVE-2022-25249 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2025-04-16 | 7.5 High |
When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) are vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server. | ||||
CVE-2021-27473 | 1 Rockwellautomation | 1 Connected Components Workbench | 2025-04-16 | 6.1 Medium |
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive file that, when opened by Connected Components Workbench, will allow the attacker to gain the privileges of the software. If the software is running at SYSTEM level, the attacker will gain admin level privileges. User interaction is required for this exploit to be successful. | ||||
CVE-2022-25347 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 9.8 Critical |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system. | ||||
CVE-2021-32949 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2025-04-16 | 7.5 High |
An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an existing file with a malicious file. | ||||
CVE-2020-25150 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2025-04-16 | 7.6 High |
A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute arbitrary commands. | ||||
CVE-2021-43988 | 1 Fanuc | 1 Roboguide | 2025-04-16 | 6.1 Medium |
The affected product is vulnerable to a network-based attack by threat actors utilizing crafted naming conventions of files to gain unauthorized access rights. | ||||
CVE-2021-43930 | 1 Smartptt | 1 Smartptt Scada | 2025-04-16 | 4.9 Medium |
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system. | ||||
CVE-2021-33005 | 1 Myscada | 1 Mypro | 2025-04-16 | 7.5 High |
mySCADA myPRO versions prior to 8.20.0 allow an unauthenticated remote attacker to upload arbitrary files to arbitrary directories. | ||||
CVE-2022-1359 | 1 Cambiumnetworks | 1 Cnmaestro | 2025-04-16 | 5.7 Medium |
The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplies path traversal characters (../) as part of a filename, the server will save the file where the attacker chooses. This could allow an attacker to write any data to any file in the server. | ||||
CVE-2021-32964 | 1 Aggsoft | 1 Webserver | 2025-04-16 | 6.5 Medium |
The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to a path traversal attack, which may allow an attacker to read arbitrary files from the file system. | ||||
CVE-2022-1661 | 1 Keysight | 4 N6841a Rf, N6841a Rf Firmware, N6854a and 1 more | 2025-04-16 | 7.5 High |
The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files. | ||||
CVE-2022-1518 | 1 Illumina | 8 Iseq 100, Local Run Manager, Miniseq and 5 more | 2025-04-16 | 10 Critical |
LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure. | ||||
CVE-2022-2106 | 1 Smartics | 1 Smartics | 2025-04-16 | 3.8 Low |
Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files. | ||||
CVE-2022-1264 | 1 Inductiveautomation | 1 Ignition | 2025-04-16 | 6.8 Medium |
The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code. | ||||
CVE-2022-2139 | 1 Advantech | 1 Iview | 2025-04-16 | 6.5 Medium |
The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. | ||||
CVE-2022-2788 | 1 Emerson | 1 Electric's Proficy | 2025-04-16 | 3.9 Low |
Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering station onto Windows in a way that executes the malicious code. | ||||
CVE-2022-2463 | 1 Rockwellautomation | 1 Isagraf Workbench | 2025-04-16 | 6.1 Medium |
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM level, then the attacker will gain admin level privileges. User interaction is required for this exploit to be successful. | ||||