Total
7423 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2830 | 1 Mozilla | 1 Thunderbird | 2025-06-18 | N/A | 6.3 MEDIUM |
| By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2. | |||||
| CVE-2024-10811 | 1 Ivanti | 1 Endpoint Manager | 2025-06-17 | N/A | 9.8 CRITICAL |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | |||||
| CVE-2023-39459 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-06-17 | N/A | 7.8 HIGH |
| Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of Administrator. Was ZDI-CAN-20531. | |||||
| CVE-2023-39460 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-06-17 | N/A | 7.2 HIGH |
| Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the creation of event logs. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20534. | |||||
| CVE-2024-31818 | 1 Derbynet | 1 Derbynet | 2025-06-17 | N/A | 9.8 CRITICAL |
| Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component. | |||||
| CVE-2024-29502 | 1 Inteset | 1 Secure Lockdown | 2025-06-17 | N/A | 6.5 MEDIUM |
| An issue in Secure Lockdown Multi Application Edition v2.00.219 allows attackers to read arbitrary files via using UNC paths. | |||||
| CVE-2025-49415 | 2025-06-17 | N/A | 8.6 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Gallery allows Path Traversal. This issue affects FW Gallery: from n/a through 8.0.0. | |||||
| CVE-2025-34508 | 2025-06-17 | N/A | 6.3 MEDIUM | ||
| A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15-7 and prior. This could allow a remote, authenticated attacker to retrieve the files of other ZendTo users, retrieve files on the host system, or cause a denial of service. | |||||
| CVE-2025-3594 | 2025-06-17 | N/A | N/A | ||
| Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 34, and older unsupported versions allows remote attackers to (1) add files to arbitrary locations on the server and (2) download and execute arbitrary files from the download server via the `_com_liferay_server_admin_web_portlet_ServerAdminPortlet_jarName` parameter. | |||||
| CVE-2025-6166 | 2025-06-17 | 2.7 LOW | 3.5 LOW | ||
| A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to address this issue. The identifier of the patch is 5db74202d632306a883ccce7339c5bdba0d16c5a. It is recommended to upgrade the affected component. | |||||
| CVE-2025-49879 | 2025-06-17 | N/A | 8.6 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in themezaa Litho allows Path Traversal. This issue affects Litho: from n/a through 3.0. | |||||
| CVE-2025-28384 | 1 Openc3 | 1 Cosmos | 2025-06-17 | N/A | 9.1 CRITICAL |
| An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal. | |||||
| CVE-2025-28382 | 1 Openc3 | 1 Cosmos | 2025-06-17 | N/A | 7.5 HIGH |
| An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal. | |||||
| CVE-2025-27956 | 1 Pixeon | 1 Weblaudos | 2025-06-17 | N/A | 7.5 HIGH |
| Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter. | |||||
| CVE-2025-22241 | 2025-06-17 | N/A | 5.6 MEDIUM | ||
| File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration. | |||||
| CVE-2023-40264 | 1 Unify | 1 Openscape Voice Trace Manager V8 | 2025-06-17 | N/A | 4.3 MEDIUM |
| An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated path traversal in the user interface. | |||||
| CVE-2021-46902 | 1 Meinbergglobal | 1 Lantime Firmware | 2025-06-17 | N/A | 7.2 HIGH |
| An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls. | |||||
| CVE-2023-40383 | 1 Apple | 1 Macos | 2025-06-17 | N/A | 3.3 LOW |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data. | |||||
| CVE-2024-34471 | 1 Hsclabs | 1 Mailinspector | 2025-06-17 | N/A | 5.4 MEDIUM |
| An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete arbitrary files on the server. This was observed when the mliRealtimeEmails.php file itself was read and subsequently deleted, resulting in a 404 error for the file and disruption of email information loading. | |||||
| CVE-2023-52289 | 1 Sujeetkv | 1 Flaskcode | 2025-06-17 | N/A | 7.5 HIGH |
| An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files. | |||||