Vulnerabilities (CVE)

Filtered by CWE-22
Total 7723 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-34048 2025-06-26 N/A N/A
A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN_1.02, SEA_1.04, and SEA_1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI script. This flaw allows an unauthenticated remote attacker to perform path traversal attacks by supplying crafted requests, enabling arbitrary file read on the affected device.
CVE-2025-3722 2025-06-26 N/A N/A
A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue malicious ePO post requests to System Information Reporter, leading to creation of files anywhere on the filesystem and possibly overwriting existing files and exposing sensitive information.
CVE-2025-45890 1 Xxyopen 1 Novel-plus 2025-06-26 N/A 9.8 CRITICAL
Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter.
CVE-2018-14672 1 Clickhouse 1 Clickhouse 2025-06-25 5.0 MEDIUM 5.3 MEDIUM
In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.
CVE-2025-47511 1 Welcart 1 Welcart E-commerce 2025-06-25 N/A 6.8 MEDIUM
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in nanbu Welcart e-Commerce allows Path Traversal. This issue affects Welcart e-Commerce: from n/a through 2.11.13.
CVE-2025-6218 2 Microsoft, Rarlab 2 Windows, Winrar 2025-06-25 N/A 7.8 HIGH
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.
CVE-2025-3686 1 Misstt123 1 Oasys 2025-06-25 4.0 MEDIUM 4.3 MEDIUM
A vulnerability classified as problematic was found in misstt123 oasys 1.0. Affected by this vulnerability is the function image of the file /show. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable.
CVE-2025-48957 1 Astrbot 1 Astrbot 2025-06-25 N/A 7.5 HIGH
AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data. The vulnerability has been addressed in Pull Request #1676 and is included in version 3.5.13. As a temporary workaround, users can edit the `cmd_config.json` file to disable the dashboard feature. However, it is strongly recommended to upgrade to version v3.5.13 or later to fully resolve this issue.
CVE-2025-50348 1 Phpgurukul 1 Pre-school Enrollment System 2025-06-25 N/A 7.5 HIGH
PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-class-pic.php.
CVE-2025-50349 1 Phpgurukul 1 Pre-school Enrollment System 2025-06-25 N/A 7.5 HIGH
PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-teacher-pic.php.
CVE-2025-48273 1 Wpjobportal 1 Wp Job Portal 2025-06-24 N/A 7.5 HIGH
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal allows Path Traversal. This issue affects WP Job Portal: from n/a through 2.3.2.
CVE-2024-48766 1 Netalertx 1 Netalertx 2025-06-24 N/A 8.6 HIGH
NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php.
CVE-2025-48026 2025-06-24 N/A 7.5 HIGH
A vulnerability in the WebApl component of Mitel OpenScape Xpressions through V7R1 FR5 HF43 P913 could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow an attacker to read files from the underlying OS and obtain sensitive information.
CVE-2024-46327 1 Vonets 2 Vap11g-300, Vap11g-300 Firmware 2025-06-24 N/A 5.7 MEDIUM
An issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9 allows attackers to access sensitive files via a directory traversal.
CVE-2025-4661 2025-06-23 N/A N/A
A path traversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside the intended directory potentially leading to the disclosure of sensitive information. Note: Admin level privilege is required on the switch in order to exploit
CVE-2025-34022 2025-06-23 N/A N/A
A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information.
CVE-2025-34023 2025-06-23 N/A N/A
A path traversal vulnerability exists in the Karel IP1211 IP Phone's web management panel. The /cgi-bin/cgiServer.exx endpoint fails to properly sanitize user input to the page parameter, allowing remote authenticated attackers to access arbitrary files on the underlying system by using crafted path traversal sequences (e.g., ../../). This can expose sensitive files such as /etc/passwd and /etc/shadow.
CVE-2025-3577 1 Zyxel 2 Amg1302-t10b, Amg1302-t10b Firmware 2025-06-23 N/A 4.9 MEDIUM
**UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware version 2.00(AAJC.16)C0 could allow an authenticated attacker with administrator privileges to access restricted directories by sending a crafted HTTP request to an affected device.
CVE-2024-35324 1 Douchat 1 Douchat 2025-06-23 N/A 9.8 CRITICAL
Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via Public/Plugins/webuploader/server/preview.php.
CVE-2024-5154 2 Kubernetes, Redhat 3 Cri-o, Enterprise Linux, Openshift Container Platform 2025-06-23 N/A 8.1 HIGH
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../”). This flaw allows the container to read and write to arbitrary files on the host system.