Total
7723 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-24307 | 1 Prestalife | 1 Product Designer | 2025-05-15 | N/A | 7.5 HIGH |
| Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remote attacker to escalate privileges and obtain sensitive information via the ajaxProcessCropImage() method. | |||||
| CVE-2024-24940 | 1 Jetbrains | 1 Intellij Idea | 2025-05-15 | N/A | 2.8 LOW |
| In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives | |||||
| CVE-2024-24398 | 1 Stimulsoft | 1 Dashboards.php | 2025-05-15 | N/A | 9.8 CRITICAL |
| Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function. | |||||
| CVE-2023-7077 | 1 Sharp | 52 Nec E705, Nec E705 Firmware, Nec E805 and 49 more | 2025-05-15 | N/A | 9.8 CRITICAL |
| Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker execute remote code by sending unintended parameters in http request. | |||||
| CVE-2023-40266 | 1 Mitel | 1 Unify Openscape Xpressions Webassistant | 2025-05-15 | N/A | 9.8 CRITICAL |
| An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal. | |||||
| CVE-2022-22128 | 1 Tableau | 1 Tableau Server | 2025-05-13 | N/A | 9.8 CRITICAL |
| Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution.Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates. | |||||
| CVE-2025-22479 | 1 Dell | 1 Storage Manager | 2025-05-13 | N/A | 3.5 LOW |
| Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection. | |||||
| CVE-2024-57451 | 1 1000mz | 1 Chestnutcms | 2025-05-13 | N/A | 7.5 HIGH |
| ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory. | |||||
| CVE-2024-6648 | 1 Apollotheme | 1 Ap Pagebuilder | 2025-05-13 | N/A | 7.5 HIGH |
| Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing them to read any file on the system. | |||||
| CVE-2022-3060 | 1 Gitlab | 1 Gitlab | 2025-05-13 | N/A | 7.3 HIGH |
| Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests | |||||
| CVE-2022-42188 | 1 Lavalite | 1 Lavalite | 2025-05-13 | N/A | 7.5 HIGH |
| In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. | |||||
| CVE-2024-27279 | 1 Appleple | 1 A-blog Cms | 2025-05-13 | N/A | 6.5 MEDIUM |
| Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with editor or higher privilege who can login to the product may obtain arbitrary files on the server including password files. | |||||
| CVE-2024-25859 | 1 Phillipsdata | 1 Blesta | 2025-05-13 | N/A | 7.1 HIGH |
| A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to takeover user accounts and execute arbitrary code. | |||||
| CVE-2025-25997 | 1 Feminer Wms Project | 1 Feminer Wms | 2025-05-13 | N/A | 7.5 HIGH |
| Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component. | |||||
| CVE-2024-39722 | 1 Ollama | 1 Ollama | 2025-05-13 | N/A | 7.5 HIGH |
| An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path traversal in the api/push route. | |||||
| CVE-2023-51401 | 1 Brainstormforce | 1 Ultimate Addons For Beaver Builder | 2025-05-13 | N/A | 6.3 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal.This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.13. | |||||
| CVE-2025-2032 | 1 1000mz | 1 Chestnutcms | 2025-05-12 | 2.7 LOW | 3.5 LOW |
| A vulnerability classified as problematic was found in ChestnutCMS 1.5.2. This vulnerability affects the function renameFile of the file /cms/file/rename. The manipulation of the argument rename leads to path traversal. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4377 | 2025-05-12 | N/A | N/A | ||
| Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server. This vulnerability is present in logview.php and it allows reading arbitrary files on the filesystem. Logview is accessible on Pro Cloud Server Configuration interface. This issue affects Pro Cloud Server: earlier than 6.0.165. | |||||
| CVE-2025-44021 | 2025-05-12 | N/A | 2.8 LOW | ||
| OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can provide a path to any local file (readable by ironic-conductor), which may then be written to the target node disk. This is difficult to exploit in practice, because a node deployed in this manner should never reach the ACTIVE state, but it still represents a danger in environments running with non-default, insecure configurations such as with automated cleaning disabled. The fixed versions are 24.1.3, 26.1.1, and 29.0.1. | |||||
| CVE-2025-4511 | 2025-05-12 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in vector4wang spring-boot-quick up to 20250422. It has been rated as critical. This issue affects the function ResponseEntity of the file /spring-boot-quick-master/quick-img2txt/src/main/java/com/quick/controller/Img2TxtController.java of the component quick-img2txt. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||