Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39786 | 2025-01-14 | N/A | 9.1 CRITICAL | ||
| Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `adddir_name` POST parameter. | |||||
| CVE-2024-12083 | 2025-01-14 | N/A | 6.6 MEDIUM | ||
| Path Traversal Vulnerabilities (CWE-22) exist in NJ/NX-series Machine Automation Controllers. An attacker may use these vulnerabilities to perform unauthorized access and to execute unauthorized code remotely to the controller products. | |||||
| CVE-2023-29380 | 1 Linuxmint | 1 Warpinator | 2025-01-13 | N/A | 7.5 HIGH |
| Warpinator before 1.6.0 allows remote file deletion via directory traversal in top_dir_basenames. | |||||
| CVE-2022-36243 | 1 Shopbeat | 1 Shop Beat Media Player | 2025-01-13 | N/A | 5.3 MEDIUM |
| Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in "studio" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm. | |||||
| CVE-2023-30196 | 1 Webbax | 1 Salesbooster | 2025-01-13 | N/A | 7.5 HIGH |
| Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Control via modules/salesbooster/downloads/download.php. | |||||
| CVE-2023-52953 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | N/A | 6.2 MEDIUM |
| Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | |||||
| CVE-2022-29081 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2025-01-13 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring. | |||||
| CVE-2025-0401 | 2025-01-13 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Affected is the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-22152 | 2025-01-10 | N/A | 9.1 CRITICAL | ||
| Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities can be exploited through various attack vectors present in multiple PHP files. This vulnerability is fixed in v600. | |||||
| CVE-2024-38819 | 2025-01-10 | N/A | 7.5 HIGH | ||
| Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. | |||||
| CVE-2024-10005 | 1 Hashicorp | 1 Consul | 2025-01-10 | N/A | 8.1 HIGH |
| A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules. | |||||
| CVE-2024-37372 | 2025-01-09 | N/A | 3.6 LOW | ||
| The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases. | |||||
| CVE-2023-30197 | 1 Webbax | 1 Myinventory | 2025-01-09 | N/A | 7.5 HIGH |
| Incorrect Access Control in the module "My inventory" (myinventory) <= 1.6.6 from Webbax for PrestaShop, allows a guest to download personal information without restriction by performing a path traversal attack. | |||||
| CVE-2023-29159 | 1 Encode | 1 Starlette | 2025-01-09 | N/A | 7.5 HIGH |
| Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette. | |||||
| CVE-2023-27639 | 1 Tshirtecommerce | 1 Custom Product Designer | 2025-01-09 | N/A | 7.5 HIGH |
| An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter file_name in the tshirtecommerce/ajax.php?type=svg endpoint, to allow a remote attacker to traverse directories on the system in order to open files (without restriction on the extension and path). Only files that can be parsed in XML can be opened. This is exploited in the wild in March 2023. | |||||
| CVE-2023-25750 | 1 Mozilla | 1 Firefox | 2025-01-09 | N/A | 4.3 MEDIUM |
| Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox < 111. | |||||
| CVE-2024-9575 | 2025-01-09 | N/A | N/A | ||
| Local File Inclusion vulnerability in pretix Widget WordPress plugin pretix-widget on Windows allows PHP Local File Inclusion. This issue affects pretix Widget WordPress plugin: from 1.0.0 through 1.0.5. | |||||
| CVE-2023-29736 | 1 Timmystudios | 1 Keyboard Themes | 2025-01-09 | N/A | 9.8 CRITICAL |
| Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows unauthorized apps to overwrite arbitrary files in its internal storage and achieve arbitrary code execution. | |||||
| CVE-2023-33544 | 1 Hawt | 1 Hawtio | 2025-01-09 | N/A | 5.5 MEDIUM |
| hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite. | |||||
| CVE-2024-29196 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-01-09 | N/A | 3.8 LOW |
| phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6. | |||||