Total
7723 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3405 | 1 Nazgulled | 1 Nzfotolog | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Ricardo Amaral nzFotolog 0.4.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action_file parameter. | |||||
| CVE-2008-4718 | 1 X7 Group | 1 X7 Chat | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156. | |||||
| CVE-2008-5272 | 1 Syndeocms | 1 Syndeocms | 2025-04-09 | 4.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Fred Stuurman SyndeoCMS 2.6.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the template parameter to (1) starnet/editors/fckeditor/studenteditor.php; (2) starnet/modules/sn_news/edit_content.php, reached through starnet/index.php; and (3) starnet/modules/sn_newsletter/edit_content.php, reached through starnet/index.php. | |||||
| CVE-2008-5604 | 1 Drennansoft | 1 My Simple Forum | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in My Simple Forum 3.0 and 4.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter. | |||||
| CVE-2008-0333 | 1 Afterlogic | 1 Mailbee Webmail Pro | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the temp_filename parameter. | |||||
| CVE-2010-0012 | 3 Debian, Opensuse, Transmissionbt | 3 Debian Linux, Opensuse, Transmission | 2025-04-09 | 6.8 MEDIUM | 8.8 HIGH |
| Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file. | |||||
| CVE-2007-5321 | 1 Verlihub-project | 1 Verlihub Control Panel | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Verlihub Control Panel (VHCP) 1.7 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2008-1493 | 1 Cuteflow-bin | 1 Cuteflow Bin | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in login.php in Cuteflow Bin 1.5.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | |||||
| CVE-2022-48253 | 1 Nazgul | 1 Nostromo | 2025-04-08 | N/A | 9.8 CRITICAL |
| nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. The vulnerability occurs when the homedirs option is used. | |||||
| CVE-2025-32018 | 2025-04-08 | N/A | 8.0 HIGH | ||
| Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either directly by the user or via maliciously crafted context, to automatically write to files outside of the opened workspace. This behavior required deliberate prompting, making successful exploitation highly impractical in real-world scenarios. Furthermore, the edited file was still displayed in the UI as usual for user review, making it unlikely for the edit to go unnoticed by the user. This vulnerability is fixed in 0.48.7. | |||||
| CVE-2025-2519 | 2025-04-08 | N/A | 6.5 MEDIUM | ||
| The Sreamit theme for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 4.0.1. This is due to insufficient file validation in the 'st_send_download_file' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download arbitrary files. | |||||
| CVE-2024-31240 | 1 Infotheme | 1 Wp Poll Maker | 2025-04-08 | N/A | 7.7 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in InfoTheme WP Poll Maker.This issue affects WP Poll Maker: from n/a through 3.1. | |||||
| CVE-2024-3686 | 1 Dedecms | 1 Dedecms | 2025-04-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file update_guide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260473 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-45299 | 1 Webbrowser Project | 1 Webbrowser | 2025-04-07 | N/A | 9.8 CRITICAL |
| An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL. | |||||
| CVE-2023-22320 | 1 Openam | 1 Openam | 2025-04-07 | N/A | 7.5 HIGH |
| OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability(CWE-22). Furthermore, a crafted URL may be evaluated incorrectly. | |||||
| CVE-2022-42136 | 1 Mailenable | 1 Mailenable | 2025-04-07 | N/A | 8.8 HIGH |
| Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands. | |||||
| CVE-2022-43975 | 1 Ge | 2 Ms 3000, Ms 3000 Firmware | 2025-04-07 | N/A | 7.5 HIGH |
| An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. A vulnerability in the web server allows arbitrary files and configurations to be read via directory traversal over TCP port 8888. | |||||
| CVE-2025-31825 | 2025-04-07 | N/A | 4.9 MEDIUM | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in pixelgrade Category Icon allows Path Traversal. This issue affects Category Icon: from n/a through 1.0.0. | |||||
| CVE-2025-31827 | 2025-04-07 | N/A | 4.9 MEDIUM | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vlad.olaru Fonto allows Path Traversal. This issue affects Fonto: from n/a through 1.2.2. | |||||
| CVE-2025-31800 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in publitio Publitio allows Path Traversal. This issue affects Publitio: from n/a through 2.1.8. | |||||