Total
7723 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-41310 | 1 Yanzhenjie | 1 Andserver | 2025-03-18 | N/A | 7.5 HIGH |
| AndServer 2.1.12 is vulnerable to Directory Traversal. | |||||
| CVE-2023-40747 | 2025-03-18 | N/A | 7.5 HIGH | ||
| Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot. | |||||
| CVE-2024-57669 | 2025-03-18 | N/A | 7.5 HIGH | ||
| Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file. | |||||
| CVE-2023-26255 | 1 Stagil | 1 Stagil Navigation | 2025-03-18 | N/A | 7.5 HIGH |
| An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system. | |||||
| CVE-2023-25265 | 1 Docmosis | 1 Tornado | 2025-03-18 | N/A | 7.5 HIGH |
| Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading to the disclosure of arbitrary content on the file system. | |||||
| CVE-2024-38816 | 2025-03-18 | N/A | 7.5 HIGH | ||
| Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. Specifically, an application is vulnerable when both of the following are true: * the web application uses RouterFunctions to serve static resources * resource handling is explicitly configured with a FileSystemResource location However, malicious requests are blocked and rejected when any of the following is true: * the Spring Security HTTP Firewall https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html is in use * the application runs on Tomcat or Jetty | |||||
| CVE-2025-0694 | 2025-03-18 | N/A | 6.6 MEDIUM | ||
| Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access. | |||||
| CVE-2023-0241 | 1 Pgadmin | 1 Pgadmin 4 | 2025-03-17 | N/A | 6.5 MEDIUM |
| pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database. | |||||
| CVE-2022-0959 | 1 Pgadmin | 1 Pgadmin 4 | 2025-03-17 | 3.5 LOW | 6.5 MEDIUM |
| A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. | |||||
| CVE-2025-29787 | 2025-03-17 | N/A | N/A | ||
| `zip` is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the `zip` crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used for later files in the archive without validation of the final canonicalized path, allowing maliciously crafted archives to overwrite arbitrary files in the file system when extracted. Users who extract untrusted archive files using the following high-level API method may be affected and critical files on the system may be overwritten with arbitrary file permissions, which can potentially lead to code execution. Version 2.3.0 fixes the issue. | |||||
| CVE-2023-26265 | 1 Borg Project | 1 Borg | 2025-03-14 | N/A | 5.3 MEDIUM |
| The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them. | |||||
| CVE-2024-31947 | 1 Stonefly | 1 Storage Concentrator | 2025-03-14 | N/A | 6.5 MEDIUM |
| StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information. | |||||
| CVE-2024-30143 | 2025-03-13 | N/A | 4.3 MEDIUM | ||
| HCL AppScan Traffic Recorder fails to adequately neutralize special characters within the filename, potentially allowing it to resolve to a location beyond the restricted directory. Potential exploits can completely disrupt or takeover the application or the computer where the application is running. | |||||
| CVE-2024-21677 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2025-03-13 | N/A | 8.8 HIGH |
| This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Data Center Atlassian recommends that Confluence Data Center customers upgrade to the latest version and that Confluence Server customers upgrade to the latest 8.5.x LTS version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was reported via our Bug Bounty program. | |||||
| CVE-2024-9939 | 1 Iptanus | 1 Wordpress File Upload | 2025-03-13 | N/A | 7.5 HIGH |
| The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory. | |||||
| CVE-2023-52544 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 4.3 MEDIUM |
| Vulnerability of file path verification being bypassed in the email module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-35428 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-03-13 | N/A | 7.1 HIGH |
| ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS. | |||||
| CVE-2020-36836 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2025-03-13 | N/A | 8.8 HIGH |
| The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server. | |||||
| CVE-2025-1322 | 1 Plechevandrey | 1 Wp-recall | 2025-03-13 | N/A | 4.3 MEDIUM |
| The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to view data from password protected, private, or draft posts that they should not have access to. | |||||
| CVE-2024-31287 | 1 Maxfoundry | 1 Media Library Folders | 2025-03-13 | N/A | 6.5 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Max Foundry Media Library Folders.This issue affects Media Library Folders: from n/a through 8.1.8. | |||||