Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-49780 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2025-03-11 | N/A | 5.3 MEDIUM |
| IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences (/../) in the file name parameter used in Import Configuration to write files to arbitrary locations outside of the specified directory and possibly overwrite arbitrary files. | |||||
| CVE-2025-27397 | 2025-03-11 | N/A | 3.8 LOW | ||
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit user controlled paths to which logs are written and from where they are read. This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files in the filesystem, if and only if the malicious path ends with 'log' . | |||||
| CVE-2025-27395 | 2025-03-11 | N/A | 7.2 HIGH | ||
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files. | |||||
| CVE-2024-27770 | 1 Unitronics | 1 Unilogic | 2025-03-10 | N/A | 8.8 HIGH |
| Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-23: Relative Path Traversal | |||||
| CVE-2024-27771 | 1 Unitronics | 1 Unilogic | 2025-03-10 | N/A | 8.8 HIGH |
| Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE | |||||
| CVE-2024-27768 | 1 Unitronics | 1 Unilogic | 2025-03-10 | N/A | 9.8 CRITICAL |
| Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE | |||||
| CVE-2023-26758 | 1 Smeup | 1 Erp | 2025-03-10 | N/A | 7.5 HIGH |
| Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file download vulnerabilty via the component /ResourceService. | |||||
| CVE-2024-8262 | 1 Prolizyazilim | 1 Student Affairs Information System | 2025-03-10 | N/A | 6.2 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Proliz Software OBS allows Path Traversal.This issue affects OBS: before 24.0927. | |||||
| CVE-2021-27065 | 1 Microsoft | 1 Exchange Server | 2025-03-07 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2023-22776 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-07 | N/A | 4.9 MEDIUM |
| An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files. | |||||
| CVE-2023-22774 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-07 | N/A | 7.2 HIGH |
| Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system. | |||||
| CVE-2023-22773 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-07 | N/A | 7.2 HIGH |
| Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system. | |||||
| CVE-2023-22772 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | N/A | 6.5 MEDIUM |
| An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system. | |||||
| CVE-2025-27519 | 2025-03-07 | N/A | N/A | ||
| Cognita is a RAG (Retrieval Augmented Generation) Framework for building modular, open source applications for production by TrueFoundry. A path traversal issue exists at /v1/internal/upload-to-local-directory which is enabled when the Local env variable is set to true, such as when Cognita is setup using Docker. Because the docker environment sets up the backend uvicorn server with auto reload enabled, when an attacker overwrites the /app/backend/__init__.py file, the file will automatically be reloaded and executed. This allows an attacker to get remote code execution in the context of the Docker container. This vulnerability is fixed in commit a78bd065e05a1b30a53a3386cc02e08c317d2243. | |||||
| CVE-2024-39621 | 1 Cridio | 1 Listingpro | 2025-03-07 | N/A | 8.0 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.3. | |||||
| CVE-2024-39619 | 1 Cridio | 1 Listingpro | 2025-03-07 | N/A | 9.0 CRITICAL |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.3. | |||||
| CVE-2024-39624 | 1 Cridio | 1 Listingpro | 2025-03-07 | N/A | 8.5 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.3. | |||||
| CVE-2024-12035 | 2025-03-07 | N/A | 8.8 HIGH | ||
| The CS Framework plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cs_widget_file_delete() function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | |||||
| CVE-2024-10804 | 2025-03-07 | N/A | 7.5 HIGH | ||
| The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | |||||
| CVE-2025-2032 | 2025-03-06 | 2.7 LOW | 3.5 LOW | ||
| A vulnerability classified as problematic was found in ChestnutCMS 1.5.2. This vulnerability affects the function renameFile of the file /cms/file/rename. The manipulation of the argument rename leads to path traversal. The exploit has been disclosed to the public and may be used. | |||||