Vulnerabilities (CVE)

Filtered by CWE-22
Total 6998 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2024-46646 | 1 Enms | 1 Enms | 2025-04-16 | N/A | 6.5 MEDIUM
eNMS up to 4.7.1 is vulnerable to Directory Traversal via /download/file.
CVE-2024-46647 | 1 Enms | 1 Enms | 2025-04-16 | N/A | 6.5 MEDIUM
eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via upload_files.
CVE-2024-46648 | 1 Enms | 1 Enms | 2025-04-16 | N/A | 7.5 HIGH
eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via scan_folder.
CVE-2024-46649 | 1 Enms | 1 Enms | 2025-04-16 | N/A | 7.5 HIGH
eNMS up to 4.7.1 is vulnerable to Directory Traversal via download/folder.
CVE-2022-41591 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-16 | N/A | 7.5 HIGH
The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files.
CVE-2022-25895 | 1 Lite-dev-server Project | 1 Lite-dev-server | 2025-04-16 | N/A | 7.5 HIGH
All versions of package lite-dev-server are vulnerable to Directory Traversal because no input sanitization or sandboxing is applied to the req.url user input that is passed to the server code.
CVE-2024-33869 | 1 Artifex | 1 Ghostscript | 2025-04-16 | N/A | 5.3 MEDIUM
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.
CVE-2024-33870 | 1 Artifex | 1 Ghostscript | 2025-04-16 | N/A | 6.3 MEDIUM
An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.
CVE-2024-46375 | 1 Mayurik | 1 Best House Rental Management System | 2025-04-16 | N/A | 9.8 CRITICAL
Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the signup() function of the file rental/admin_class.php.
CVE-2024-46376 | 1 Mayurik | 1 Best House Rental Management System | 2025-04-16 | N/A | 9.8 CRITICAL
Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the update_account() function of the file rental/admin_class.php.
CVE-2024-33350 | 1 Taogogo | 1 Taocms | 2025-04-16 | N/A | 9.8 CRITICAL
Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component.
CVE-2022-36221 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2025-04-16 | N/A | 6.5 MEDIUM
Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system.
CVE-2022-25931 | 1 Easy-static-server Project | 1 Easy-static-server | 2025-04-16 | N/A | 7.5 HIGH
All versions of package easy-static-server are vulnerable to Directory Traversal because no input sanitization or sandboxing is applied to the req.url user input that is passed to the server code.
CVE-2024-53961 | 1 Adobe | 1 Coldfusion | 2025-04-16 | N/A | 8.1 HIGH
ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data. Exploitation of this issue requires the admin panel be exposed to the internet.
CVE-2025-3686 | | | 2025-04-16 | 4.0 MEDIUM | 4.3 MEDIUM
A vulnerability classified as problematic was found in misstt123 oasys 1.0. Affected by this vulnerability is the function image of the file /show. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable.
CVE-2025-27410 | 1 Pwndoc Project | 1 Pwndoc | 2025-04-16 | N/A | 6.5 MEDIUM
PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path traversal in the TAR entry's name, allowing an attacker to overwrite any file on the system with their content. By overwriting an included `.js` file and restarting the container, this allows for Remote Code Execution as an administrator. The remote code execution occurs because any user with the `backups:create` and `backups:update` permissions (only administrators by default) is able to overwrite any file on the system. Version 1.2.0 fixes the issue.
CVE-2024-22851 | 1 Liveconfig | 1 Liveconfig | 2025-04-15 | N/A | 7.5 HIGH
Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain sensitive information via a crafted request to the /static/ endpoint.
CVE-2023-46988 | | | 2025-04-15 | N/A | 6.7 MEDIUM
Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service (DoS).
CVE-2024-29502 | | | 2025-04-15 | N/A | 6.5 MEDIUM
An issue in Secure Lockdown Multi Application Edition v2.00.219 allows attackers to read arbitrary files by using UNC paths.
CVE-2025-27413 | 1 Pwndoc Project | 1 Pwndoc | 2025-04-15 | N/A | 6.5 MEDIUM
PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal (`../`) sequences. This is problematic for the template update functionality as it uses the path from the database to write arbitrary content to, potentially overwriting source code to achieve Remote Code Execution. Any user with the `backups:create`, `backups:update` and `templates:update` permissions (only administrators by default) can write arbitrary content to anywhere on the filesystem. By overwriting source code, it is possible to achieve Remote Code Execution. Version 1.2.0 fixes the issue.