Total: 7108 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-3021 | | | 2025-04-01 | N/A | N/A |
Path Traversal vulnerability in e-solutions e-management. This vulnerability could allow an attacker to access confidential files outside the expected scope via the ‘file’ parameter in the /downloadReport.php endpoint. | |||||
CVE-2025-3048 | | | 2025-04-01 | N/A | 6.5 MEDIUM |
After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) that includes symlinks, the contents of those symlinks are copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to those symlinks outside of the Docker container would now have access via the local workspace. Users should upgrade to version 1.134.0 and ensure any forked or derivative code is patched to incorporate the new fixes. After upgrading, users must re-build their applications using sam build --use-container to update the symlinks. | |||||
CVE-2025-2292 | | | 2025-04-01 | N/A | 4.9 MEDIUM |
Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality. This issue affects CompletePBX: through 5.2.35. | |||||
CVE-2025-30005 | | | 2025-04-01 | N/A | 6.7 MEDIUM |
Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally deleting any retrieved file in place of the expected report. This issue affects CompletePBX: all versions up to and prior to 5.2.35. | |||||
CVE-2025-3047 | | | 2025-04-01 | N/A | 6.5 MEDIUM |
When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A user could leverage the elevated permissions to access restricted files via symlinks and copy them to a more permissive location on the container. Users should upgrade to v1.133.0 or newer and ensure any forked or derivative code is patched to incorporate the new fixes. | |||||
CVE-2025-3043 | | | 2025-04-01 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability, which was classified as critical, has been found in GuoMinJim PersonManage 1.0. This issue affects the function preHandle of the file /login/. The manipulation of the argument Request leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. | |||||
CVE-2025-30594 | | | 2025-04-01 | N/A | 6.5 MEDIUM |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound Include URL allows Path Traversal. This issue affects Include URL: from n/a through 0.3.5. | |||||
CVE-2025-30910 | | | 2025-04-01 | N/A | 8.6 HIGH |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CreativeMindsSolutions CM Download Manager allows Path Traversal. This issue affects CM Download Manager: from n/a through 2.9.6. | |||||
CVE-2025-31131 | | | 2025-04-01 | N/A | 8.6 HIGH |
YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2. | |||||
CVE-2025-30793 | | | 2025-04-01 | N/A | 7.5 HIGH |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Property Hive Houzez Property Feed allows Path Traversal. This issue affects Houzez Property Feed: from n/a through 2.5.4. | |||||
CVE-2025-30882 | | | 2025-04-01 | N/A | 7.5 HIGH |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk allows Path Traversal. This issue affects JS Help Desk: from n/a through 2.9.1. | |||||
CVE-2025-30878 | | | 2025-04-01 | N/A | 8.6 HIGH |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk allows Path Traversal. This issue affects JS Help Desk: from n/a through 2.9.2. | |||||
CVE-2023-24057 | 2 Hapifhir, Hl7 | 2 Hl7 Fhir Core, Fhir Ig Publisher | 2025-04-01 | N/A | 8.1 HIGH |
HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive). | |||||
CVE-2024-34245 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 6.5 MEDIUM |
An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtml_js_action.php. | |||||
CVE-2025-27837 | 1 Artifex | 1 Ghostscript | 2025-04-01 | N/A | 9.8 CRITICAL |
An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp. | |||||
CVE-2022-25882 | 1 Linuxfoundation | 1 Onnx | 2025-04-01 | N/A | 7.5 HIGH |
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd". | |||||
CVE-2022-21192 | 1 Serve-lite Project | 1 Serve-lite | 2025-04-01 | N/A | 7.5 HIGH |
All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join(). | |||||
CVE-2022-47951 | 2 Debian, Openstack | 4 Debian Linux, Cinder, Glance and 1 more | 2025-03-31 | N/A | 5.7 MEDIUM |
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. | |||||
CVE-2024-30417 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-29 | N/A | 7.5 HIGH |
Path traversal vulnerability in the Bluetooth-based sharing module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2024-29434 | | | 2025-03-29 | N/A | 8.3 HIGH |
An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file. |