Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25305 | 1 Polymc | 1 Polymc | 2025-02-13 | N/A | 7.1 HIGH |
| PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory. | |||||
| CVE-2023-25303 | 1 Atlauncher | 1 Atlauncher | 2025-02-13 | N/A | 7.1 HIGH |
| ATLauncher <= 3.4.26.0 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory. | |||||
| CVE-2024-2362 | 3 Linux, Lollms, Microsoft | 3 Linux Kernel, Lollms Web Ui, Windows | 2025-02-13 | N/A | 9.1 CRITICAL |
| A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of adequate sanitization of user-supplied input in the 'del_preset' endpoint, where the application fails to prevent the use of absolute paths or directory traversal sequences ('..'). As a result, an attacker can send a specially crafted request to the 'del_preset' endpoint to delete files outside of the intended directory. | |||||
| CVE-2024-47265 | 2025-02-13 | N/A | 6.5 MEDIUM | ||
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files via unspecified vectors. | |||||
| CVE-2019-7194 | 1 Qnap | 2 Photo Station, Qts | 2025-02-13 | 7.5 HIGH | 9.8 CRITICAL |
| This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions. | |||||
| CVE-2019-7195 | 1 Qnap | 2 Photo Station, Qts | 2025-02-13 | 7.5 HIGH | 9.8 CRITICAL |
| This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions. | |||||
| CVE-2024-47266 | 2025-02-13 | N/A | 2.7 LOW | ||
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to read specific files containing non-sensitive information via unspecified vectors. | |||||
| CVE-2025-1228 | 2025-02-12 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected is an unknown function of the file /read/?page=1&logfile=LOG_Monitor of the component Logfile Update Handler. The manipulation of the argument path leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | |||||
| CVE-2023-26820 | 1 Siteproxy Project | 1 Siteproxy | 2025-02-12 | N/A | 7.5 HIGH |
| siteproxy v1.0 was discovered to contain a path traversal vulnerability via the component index.js. | |||||
| CVE-2019-16278 | 1 Nazgul | 1 Nostromo Nhttpd | 2025-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request. | |||||
| CVE-2018-5430 | 1 Tibco | 3 Jasperreports Server, Jaspersoft, Jaspersoft Reporting And Analytics | 2025-02-12 | 4.0 MEDIUM | 8.8 HIGH |
| The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3;6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2. | |||||
| CVE-2018-18809 | 1 Tibco | 4 Jasperreports Library, Jasperreports Server, Jaspersoft and 1 more | 2025-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions up to and including 6.3.4; 6.4.1; 6.4.2; 6.4.21; 7.1.0; 7.2.0, TIBCO JasperReports Library Community Edition: versions up to and including 6.7.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.21, TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.3; 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0. | |||||
| CVE-2019-18187 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2025-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication. | |||||
| CVE-2020-4430 | 1 Ibm | 1 Data Risk Manager | 2025-02-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535. | |||||
| CVE-2020-19678 | 2 Oisf, Pfsense | 3 Suricata, Pfsense, Suricata Package | 2025-02-12 | N/A | 7.5 HIGH |
| Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php. | |||||
| CVE-2024-54909 | 2025-02-12 | N/A | 8.1 HIGH | ||
| A vulnerability has been identified in GoldPanKit eva-server v4.1.0. It affects the path parameter of the /api/resource/local/download endpoint, where manipulation of this parameter can lead to arbitrary file download. | |||||
| CVE-2023-29478 | 1 Bibliocraftmod | 1 Bibliocraft | 2025-02-11 | N/A | 9.8 CRITICAL |
| BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. This includes the Minecraft mods folder, which results in code execution. | |||||
| CVE-2025-25163 | 1 Pluginab | 1 Plugin A\/b Image Optimizer | 2025-02-11 | N/A | 7.5 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer allows Path Traversal. This issue affects Plugin A/B Image Optimizer: from n/a through 3.3. | |||||
| CVE-2024-36508 | 2025-02-11 | N/A | 6.0 MEDIUM | ||
| An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 CLI allows an authenticated admin user with diagnose privileges to delete files on the system. | |||||
| CVE-2024-55214 | 2025-02-11 | N/A | 6.5 MEDIUM | ||
| Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the file download functionality. | |||||