Total: 8486 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27055 | 1 Aver | 1 Ptzapp 2 | 2025-02-21 | N/A | 7.5 HIGH |
| Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access sensitive files via a crafted GET request. | |||||
| CVE-2022-35235 | 1 Xplodedthemes | 1 Wpide - File Manager & Code Editor | 2025-02-20 | N/A | 4.9 MEDIUM |
| Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. | |||||
| CVE-2022-31475 | 1 Givewp | 1 Givewp | 2025-02-20 | N/A | 5.5 MEDIUM |
| Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. | |||||
| CVE-2024-11343 | 1 Progress | 1 Telerik Document Processing Libraries | 2025-02-20 | N/A | 8.3 HIGH |
| In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access. | |||||
| CVE-2022-41840 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | N/A | 7.5 HIGH |
| Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress. | |||||
| CVE-2022-32199 | 1 Scriptcase | 1 Scriptcase | 2025-02-19 | N/A | 6.5 MEDIUM |
| db_convert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter. | |||||
| CVE-2025-0572 | 1 Santesoft | 1 Sante Pacs Server | 2025-02-19 | N/A | 4.3 MEDIUM |
| Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to write files in the context of the current user. Was ZDI-CAN-25308. | |||||
| CVE-2025-0573 | 1 Santesoft | 1 Sante Pacs Server | 2025-02-19 | N/A | 5.3 MEDIUM |
| Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to write files in the context of the current user. Was ZDI-CAN-25309. | |||||
| CVE-2023-0467 | 1 Wppool | 1 Wp Dark Mode | 2025-02-19 | N/A | 4.3 MEDIUM |
| The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing arbitrary directory creation. | |||||
| CVE-2023-27700 | 1 Muyucms Project | 1 Muyucms | 2025-02-18 | N/A | 8.1 HIGH |
| MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /accessory/picdel.html. | |||||
| CVE-2022-2560 | 1 Enterprisedt | 1 Completeftp Server | 2025-02-18 | N/A | 9.1 CRITICAL |
| This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP 22.1.0 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-17481. | |||||
| CVE-2021-27798 | 1 Broadcom | 1 Fabric Operating System | 2025-02-15 | N/A | 5.5 MEDIUM |
| A vulnerability in Brocade Fabric OS versions 7.4.1b and 7.3.1d could allow local users to conduct privileged directory traversal. Brocade Fabric OS versions 7.4.1.x and 7.3.x have reached end of life. Brocade Fabric OS users should upgrade to supported versions as described in the Product End-of-Life published report. | |||||
| CVE-2020-19279 | 1 Wide Project | 1 Wide | 2025-02-14 | N/A | 9.8 CRITICAL |
| Directory Traversal vulnerability found in B3log Wide allows an attacker to escalate privileges via symbolic links. | |||||
| CVE-2024-23673 | 1 Apache | 1 Sling Servlets Resolver | 2025-02-13 | N/A | 8.5 HIGH |
| Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver. This issue affects all versions of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlet Resolver to load a previously uploaded script. Users are recommended to upgrade to version 2.11.0, which fixes this issue. It is recommended to upgrade, regardless of whether your system configuration currently allows this attack or not. | |||||
| CVE-2023-52138 | 1 Mate-desktop | 1 Engrampa | 2025-02-13 | N/A | 8.2 HIGH |
| Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa archive manager follows symlinks: cpio by default follows stored symlinks while extracting, and the archiver does not check the symlink location, which leads to arbitrary file writes to unintended locations. An attacker can craft a malicious cpio or ISO archive that achieves RCE on the target system when the victim extracts it. This vulnerability was fixed in commit 63d5dfa. | |||||
| CVE-2023-34478 | 1 Apache | 1 Shiro | 2025-02-13 | N/A | 9.8 CRITICAL |
| Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+. | |||||
| CVE-2023-31427 | 1 Broadcom | 1 Fabric Operating System | 2025-02-13 | N/A | 7.8 HIGH |
| Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled. | |||||
| CVE-2022-47501 | 1 Apache | 1 Ofbiz | 2025-02-13 | N/A | 7.5 HIGH |
| Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07. | |||||
| CVE-2022-23854 | 1 Aveva | 1 Intouch Access Anywhere | 2025-02-13 | N/A | 7.5 HIGH |
| AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server. | |||||
| CVE-2023-25305 | 1 Polymc | 1 Polymc | 2025-02-13 | N/A | 7.1 HIGH |
| PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory. | |||||
