Total
7723 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0818 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-01-23 | N/A | 9.1 CRITICAL |
| Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6 | |||||
| CVE-2024-25156 | 1 Fortra | 1 Goanywhere Managed File Transfer | 2025-01-23 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients. | |||||
| CVE-2024-42187 | 2025-01-23 | N/A | 5.3 MEDIUM | ||
| BigFix Patch Download Plug-ins are affected by path traversal vulnerability. The application could allow operators to download files from a local repository which is vulnerable to path traversal attacks. | |||||
| CVE-2024-38768 | 1 Webangon | 1 The Pack Elementor Addons | 2025-01-22 | N/A | 4.3 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Webangon The Pack Elementor addons allows PHP Local File Inclusion, Path Traversal.This issue affects The Pack Elementor addons: from n/a through 2.0.8.6. | |||||
| CVE-2023-30509 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2025-01-22 | N/A | 4.9 MEDIUM |
| Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files. | |||||
| CVE-2023-30508 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2025-01-22 | N/A | 4.9 MEDIUM |
| Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files. | |||||
| CVE-2024-50453 | 1 Webangon | 1 The Pack Elementor Addons | 2025-01-22 | N/A | 7.5 HIGH |
| Relative Path Traversal vulnerability in Webangon The Pack Elementor addons allows PHP Local File Inclusion.This issue affects The Pack Elementor addons: from n/a through 2.0.9. | |||||
| CVE-2024-1974 | 1 Hasthemes | 1 Ht Mega | 2025-01-22 | N/A | 8.8 HIGH |
| The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to read the contents of arbitrary files on the server, which can contain sensitive information. | |||||
| CVE-2023-32767 | 1 Symcon | 1 Ip Symcon | 2025-01-22 | N/A | 7.5 HIGH |
| The web interface of Symcon IP-Symcon before 6.3 (i.e., before 2023-05-12) allows a remote attacker to read sensitive files via .. directory-traversal sequences in the URL. | |||||
| CVE-2022-32427 | 1 Printerlogic | 1 Windows Client | 2025-01-22 | N/A | 8.8 HIGH |
| PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content. This issue has been resolved in PrinterLogic Windows Client 25.0.0688 and all affected are advised to upgrade. | |||||
| CVE-2025-23562 | 2025-01-22 | N/A | 5.8 MEDIUM | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound XLSXviewer allows Path Traversal. This issue affects XLSXviewer: from n/a through 2.1.1. | |||||
| CVE-2024-32117 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer Big Data, Fortimanager | 2025-01-21 | N/A | 4.9 MEDIUM |
| An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests. | |||||
| CVE-2024-32116 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer Big Data, Fortimanager | 2025-01-21 | N/A | 5.1 MEDIUM |
| Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests. | |||||
| CVE-2024-33502 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2025-01-21 | N/A | 6.5 MEDIUM |
| An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPs requests. | |||||
| CVE-2021-26102 | 1 Fortinet | 1 Fortiwan | 2025-01-21 | N/A | 9.8 CRITICAL |
| A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value. | |||||
| CVE-2023-31904 | 1 Savysoda | 1 Wifi Hd Wireless Disk Drive | 2025-01-21 | N/A | 7.5 HIGH |
| savysoda Wifi HD Wireless Disk Drive 11 is vulnerable to Local File Inclusion. | |||||
| CVE-2023-30199 | 1 Webbax | 1 Customexporter | 2025-01-21 | N/A | 7.5 HIGH |
| Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access Control via modules/customexporter/downloads/download.php. | |||||
| CVE-2024-25154 | 1 Fortra | 1 Filecatalyst Direct | 2025-01-21 | N/A | 5.3 MEDIUM |
| Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage. | |||||
| CVE-2023-6825 | 1 Mndpsingh287 | 1 File Manager | 2025-01-21 | N/A | 9.9 CRITICAL |
| The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for attackers to read the contents of arbitrary files on the server, which can contain sensitive information and to upload files into directories other than the intended directory for file uploads. The free version requires Administrator access for this vulnerability to be exploitable. The Pro version allows a file manager to be embedded via a shortcode and also allows admins to grant file handling privileges to other user levels, which could lead to this vulnerability being exploited by lower-level users. | |||||
| CVE-2024-28976 | 1 Dell | 1 Repository Manager | 2025-01-21 | N/A | 8.8 HIGH |
| Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the running web application. | |||||