Total
7440 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26500 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-04-03 | 6.5 MEDIUM | 8.8 HIGH |
| Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. | |||||
| CVE-2025-2264 | 1 Santesoft | 1 Sante Pacs Server | 2025-04-03 | N/A | 7.5 HIGH |
| A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed. | |||||
| CVE-2022-47747 | 1 Uber | 1 Kraken | 2025-04-03 | N/A | 7.5 HIGH |
| kraken <= 0.1.4 has an arbitrary file read vulnerability via the component testfs. | |||||
| CVE-2025-25371 | 1 Nasa | 1 Cfs | 2025-04-03 | N/A | 7.5 HIGH |
| NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override of any arbitrary file on the system. | |||||
| CVE-2022-46639 | 1 Correos | 1 Correos | 2025-04-03 | N/A | 7.5 HIGH |
| A vulnerability in the descarga_etiqueta.php component of Correos Prestashop 1.7.x allows attackers to execute a directory traversal. | |||||
| CVE-2022-46959 | 1 Sonic Project | 1 Sonic | 2025-04-03 | N/A | 4.3 MEDIUM |
| An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to execute a directory traversal. | |||||
| CVE-2022-25377 | 1 Appwrite | 1 Appwrite | 2025-04-03 | N/A | 7.5 HIGH |
| The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge must exist on disk. (This pathname is automatically created if the user chooses to install Let's Encrypt certificates via Appwrite.) | |||||
| CVE-2024-9676 | 1 Redhat | 15 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Arm 64 and 12 more | 2025-04-03 | N/A | 6.5 MEDIUM |
| A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host. | |||||
| CVE-2004-0847 | 1 Microsoft | 1 Asp.net | 2025-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability." | |||||
| CVE-2002-2238 | 1 Kunani | 1 Kunani Odbc Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Kunani ODBC FTP Server 1.0.10 allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in a GET request. | |||||
| CVE-2005-3355 | 1 Gnu | 1 Gnump3d | 2025-04-03 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values". | |||||
| CVE-2006-3360 | 1 Phpsysinfo | 1 Phpsysinfo | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists. | |||||
| CVE-2004-1444 | 1 Roundup-tracker | 1 Roundup | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request. | |||||
| CVE-2006-0223 | 1 Topcmm Computing | 1 123 Flash Chat Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." (dot dot) sequences in the username field. | |||||
| CVE-2005-2378 | 1 Oracle | 1 Reports | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU. | |||||
| CVE-2002-2375 | 1 Stalker | 1 Communigate Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibly earlier versions allows remote attackers to list the contents of the WebUser directory and its parent directory via a (1) .. (dot dot) or (2) . (dot) in a URL. NOTE: it is not clear whether this issue reveals any more information regarding directory structure than is already available to any CommuniGate Pro user, although there is a possibility that it could be used to infer product version information. | |||||
| CVE-2004-2749 | 1 2wire | 1 Homeportal | 2025-04-03 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. (dot dot) in the return parameter. NOTE: this issue was reported as XSS, but this might be a terminology error. | |||||
| CVE-2002-2269 | 1 Webster | 1 Webster Http Server | 2025-04-03 | 9.4 HIGH | N/A |
| Directory traversal vulnerability in Webster HTTP Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
| CVE-2006-0795 | 1 Thomastsoi | 1 Quirex | 2025-04-03 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 and earlier allows remote attackers to read arbitrary files, and possibly execute arbitrary code, via the (1) quiz_head, (2) quiz_foot, and (3) template variables. | |||||
| CVE-2006-0931 | 1 Pear | 1 Pear Archive Tar | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive. | |||||