Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44016 | 1 Simmeth | 1 Lieferantenmanager | 2025-04-15 | N/A | 7.5 HIGH |
| An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can download arbitrary files from the web server by abusing an API call: /DS/LM_API/api/ConfigurationService/GetImages with an '"ImagesPath":"C:\\"' value. | |||||
| CVE-2022-46492 | 1 Nbnbk Project | 1 Nbnbk | 2025-04-15 | N/A | 6.5 MEDIUM |
| nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary. | |||||
| CVE-2022-45894 | 1 Planetestream | 1 Planet Estream | 2025-04-14 | N/A | 6.5 MEDIUM |
| GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files. | |||||
| CVE-2023-0582 | 1 Forgerock | 1 Access Management | 2025-04-14 | N/A | 8.1 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2. | |||||
| CVE-2023-0511 | 1 Forgerock | 1 Java Policy Agents | 2025-04-14 | N/A | 9.1 CRITICAL |
| Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1 | |||||
| CVE-2023-0339 | 1 Forgerock | 1 Web Policy Agents | 2025-04-14 | N/A | 9.1 CRITICAL |
| Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1 | |||||
| CVE-2021-39369 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2025-04-14 | N/A | 6.5 MEDIUM |
| In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root. | |||||
| CVE-2024-34315 | 1 Cmseasy | 1 Cmseasy | 2025-04-14 | N/A | 7.5 HIGH |
| CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. | |||||
| CVE-2025-2917 | 1 1000cms | 1 Chestnutcms | 2025-04-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Affected is the function readFile of the file /dev-api/cms/file/read. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-32163 | 1 Cmseasy | 1 Cmseasy | 2025-04-14 | N/A | 6.4 MEDIUM |
| CMSeasy 7.7.7.9 is vulnerable to code execution. | |||||
| CVE-2023-40279 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2025-04-14 | N/A | 7.5 HIGH |
| An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do. | |||||
| CVE-2023-40280 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2025-04-14 | N/A | 7.5 HIGH |
| An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp. | |||||
| CVE-2015-0557 | 2 Arj Software, Fedoraproject | 2 Arj Archiver, Fedora | 2025-04-12 | 5.8 MEDIUM | N/A |
| Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive. | |||||
| CVE-2015-8228 | 1 Huawei | 10 Ar120, Ar1200, Ar150 and 7 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors. | |||||
| CVE-2016-2289 | 1 Iconics | 1 Webhmi | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors. | |||||
| CVE-2012-5641 | 2 Apache, Mochiweb Project | 2 Couchdb, Mochiweb | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI. | |||||
| CVE-2013-6771 | 1 Splunk | 1 Splunk | 2025-04-12 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for the issue in the "runshellscript echo.sh" script. | |||||
| CVE-2014-9119 | 1 Db Backup Project | 1 Db Backup | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for Wordpress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2014-3317 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314. | |||||
| CVE-2014-2210 | 1 Ca | 1 Erwin Web Portal | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors. | |||||