Total
8213 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-59384 | 1 Qnap | 1 Qfiling | 2026-01-22 | N/A | 7.5 HIGH |
| A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qfiling 3.13.1 and later | |||||
| CVE-2025-67083 | 1 Invoiceplane | 1 Invoiceplane | 2026-01-22 | N/A | 5.3 MEDIUM |
| Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration. | |||||
| CVE-2026-22249 | 1 Docmost | 1 Docmost | 2026-01-22 | N/A | 7.1 HIGH |
| Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there are no validation on filename. This vulnerability is fixed in 0.24.0. | |||||
| CVE-2025-46363 | 1 Dell | 1 Secure Connect Gateway | 2026-01-21 | N/A | 4.3 MEDIUM |
| Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with remote access could potentially exploit this vulnerability, leading to allowing relative path traversal to restricted resources. | |||||
| CVE-2025-22397 | 1 Dell | 4 Idrac10, Idrac10 Firmware, Idrac9 and 1 more | 2026-01-21 | N/A | 6.7 MEDIUM |
| Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. | |||||
| CVE-2025-11531 | 1 Hp | 2 Omen Gaming Hub, System Event Utility | 2026-01-21 | N/A | 8.8 HIGH |
| HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with HP System Event Utility version 3.2.12 and Omen Gaming Hub version 1101.2511.101.0. | |||||
| CVE-2020-36883 | 1 Spinetix | 1 Fusion Digital Signage | 2026-01-21 | N/A | 8.1 HIGH |
| SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers can exploit path traversal techniques in index.php to write backup files to arbitrary locations and delete files by manipulating backup and file delete requests. | |||||
| CVE-2026-22871 | 1 Datadoghq | 1 Guarddog | 2026-01-21 | N/A | 9.8 CRITICAL |
| GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite and Remote Code Execution on systems running GuardDog. This vulnerability is fixed in 2.7.1. | |||||
| CVE-2025-67076 | 1 Agora-project | 1 Agora-project | 2026-01-21 | N/A | 7.5 HIGH |
| Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read. | |||||
| CVE-2025-44137 | 1 Maptiler | 1 Tileserver Php | 2026-01-20 | N/A | 8.2 HIGH |
| MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web request. Creating the path to a file allows the insertion of "../" and thus read any file on the web server. Affected GET parameters are "TileMatrix", "TileRow", "TileCol" and "Format" | |||||
| CVE-2026-21857 | 1 Redaxo | 1 Redaxo | 2026-01-20 | N/A | 6.5 MEDIUM |
| REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the `EXPDIR` POST parameter against the UI-generated allowlist of permitted directories. An attacker can supply relative paths containing `../` sequences (or even absolute paths inside the document root) to include any readable file in the generated `.tar.gz` archive. Version 5.20.2 fixes this issue. | |||||
| CVE-2022-50939 | 1 E107 | 1 E107 | 2026-01-20 | N/A | 7.2 HIGH |
| e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality (image.php) where the upload_caption parameter is not properly sanitized. An attacker with administrative privileges can use directory traversal sequences (../../../) in the upload_caption field to overwrite critical system files outside the intended upload directory. This can lead to complete compromise of the web application by overwriting configuration files, executable scripts, or other critical system components. The vulnerability was discovered by Hubert Wojciechowski and affects the image.php component in the admin interface. | |||||
| CVE-2025-64235 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Tuturn allows Path Traversal.This issue affects Tuturn: from n/a before 3.6. | |||||
| CVE-2025-64230 | 2026-01-20 | N/A | 7.5 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Chill Filr filr-protection allows Path Traversal.This issue affects Filr: from n/a through <= 1.2.10. | |||||
| CVE-2025-60242 | 2026-01-20 | N/A | 7.5 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Anatoly Download Counter download-counter allows Path Traversal.This issue affects Download Counter: from n/a through <= 1.4. | |||||
| CVE-2025-60227 | 1 Thimpress | 1 Wp Pipes | 2026-01-20 | N/A | 8.6 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes wp-pipes allows Path Traversal.This issue affects WP Pipes: from n/a through <= 1.4.3. | |||||
| CVE-2025-60217 | 2026-01-20 | N/A | 7.7 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ypromo PT Luxa Addons pt-luxa-addons allows Path Traversal.This issue affects PT Luxa Addons: from n/a through <= 1.2.2. | |||||
| CVE-2025-59566 | 2026-01-20 | N/A | 7.6 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Workreap (theme's plugin) workreap allows Path Traversal.This issue affects Workreap (theme's plugin): from n/a through <= 3.3.5. | |||||
| CVE-2025-58959 | 2026-01-20 | N/A | 7.6 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Taskbot taskbot allows Path Traversal.This issue affects Taskbot: from n/a through <= 6.4. | |||||
| CVE-2025-54748 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RomanCode MapSVG mapsvg allows Path Traversal.This issue affects MapSVG: from n/a through < 8.6.12. | |||||