Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-51966 | 1 Esri | 1 Arcgis Server | 2025-04-10 | N/A | 4.9 MEDIUM |
| There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Successful exploitation may allow a remote authenticated attacker with admin privileges to traverse the file system to access files outside of the intended directory. There is no impact to integrity or availability due to the nature of the files that can be accessed, but there is a potential high impact to confidentiality. | |||||
| CVE-2024-51958 | 1 Esri | 1 Arcgis Server | 2025-04-10 | N/A | 4.9 MEDIUM |
| There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Successful exploitation may allow a remote authenticated attacker with admin privileges to traverse the file system to access files outside of the intended directory. There is no impact to integrity or availability due to the nature of the files that can be accessed, but there is a potential high impact to confidentiality. | |||||
| CVE-2024-1303 | 1 Badgermeter | 1 Monitool | 2025-04-10 | N/A | 6.5 MEDIUM |
| Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality. | |||||
| CVE-2023-47803 | 1 Synology | 4 Bc500, Bc500 Firmware, Tc500 and 1 more | 2025-04-10 | N/A | 5.3 MEDIUM |
| A vulnerability regarding improper limitation of a pathname to a restricted directory ('Path Traversal') is found in the Language Settings functionality. This allows remote attackers to read specific files containing non-sensitive information via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500. | |||||
| CVE-2025-3424 | 2025-04-10 | N/A | N/A | ||
| The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the "Object Marshalling" technique, which allows an attacker to read internal files without any authentication. This is possible by crafting specific .NET Remoting URLs derived from information enumerated in the client-side configuration files. This issue affects IntelliSpace Portal: 12 and prior. | |||||
| CVE-2022-45867 | 1 Mybb | 1 Mybb | 2025-04-10 | N/A | 7.2 HIGH |
| MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution. | |||||
| CVE-2022-38723 | 1 Gravitee | 1 Api Management | 2025-04-10 | N/A | 8.6 HIGH |
| Gravitee API Management before 3.15.13 allows path traversal through HTML injection. | |||||
| CVE-2022-37934 | 2 Hp, Hpe | 20 Officeconnect 1820 24g Poe\+ \(185w\) Switch J9983a, Officeconnect 1820 24g Poe\+ \(185w\) Switch J9983a Firmware, Officeconnect 1820 48g Poe\+ \(370w\) Switch J9984a and 17 more | 2025-04-10 | N/A | 6.8 MEDIUM |
| A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below. | |||||
| CVE-2022-36943 | 1 Ssziparchive Project | 1 Ssziparchive | 2025-04-10 | N/A | 8.1 HIGH |
| SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item. | |||||
| CVE-2024-54148 | 1 Gogs | 1 Gogs | 2025-04-10 | N/A | 9.8 CRITICAL |
| Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1. | |||||
| CVE-2024-55947 | 1 Gogs | 1 Gogs | 2025-04-10 | N/A | 8.8 HIGH |
| Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1. | |||||
| CVE-2023-40496 | 1 Lg | 1 Simple Editor | 2025-04-10 | N/A | 7.5 HIGH |
| LG Simple Editor copyStickerContent Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copyStickerContent command. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. . Was ZDI-CAN-19923. | |||||
| CVE-2023-40497 | 1 Lg | 1 Simple Editor | 2025-04-10 | N/A | 9.8 CRITICAL |
| LG Simple Editor saveXml Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the saveXml command implemented in the makeDetailContent method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19924. | |||||
| CVE-2023-40498 | 1 Lg | 1 Simple Editor | 2025-04-10 | N/A | 9.8 CRITICAL |
| LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the cp command implemented in the makeDetailContent method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19925. | |||||
| CVE-2023-40499 | 1 Lg | 1 Simple Editor | 2025-04-10 | N/A | 9.1 CRITICAL |
| LG Simple Editor mkdir Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mkdir command implemented in the makeDetailContent method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. . Was ZDI-CAN-19926. | |||||
| CVE-2023-40502 | 1 Lg | 1 Simple Editor | 2025-04-10 | N/A | 9.1 CRITICAL |
| LG Simple Editor cropImage Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the cropImage command. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. . Was ZDI-CAN-19951. | |||||
| CVE-2023-40508 | 1 Lg | 1 Simple Editor | 2025-04-10 | N/A | 9.1 CRITICAL |
| LG Simple Editor putCanvasDB Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the putCanvasDB method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. . Was ZDI-CAN-20010. | |||||
| CVE-2023-40509 | 1 Lg | 1 Simple Editor | 2025-04-10 | N/A | 9.1 CRITICAL |
| LG Simple Editor deleteCanvas Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the deleteCanvas method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. . Was ZDI-CAN-20011. | |||||
| CVE-2023-40514 | 1 Lg | 1 Simple Editor | 2025-04-10 | N/A | 6.5 MEDIUM |
| LG Simple Editor FileManagerController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getImageByFilename method in the FileManagerController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. . Was ZDI-CAN-20016. | |||||
| CVE-2023-40513 | 1 Lg | 1 Simple Editor | 2025-04-10 | N/A | 6.5 MEDIUM |
| LG Simple Editor UserManageController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getImageByFilename method in the UserManageController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. . Was ZDI-CAN-20015. | |||||