Total: 8220 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2025-68145 | | | 2025-12-18 | N/A | N/A | In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that configured path. This could allow tool calls to operate on other repositories accessible to the server process. The fix adds path validation that resolves both the configured repository and the requested path (following symlinks) and verifies the requested path is within the allowed repository before executing any git operations. Users are advised to upgrade to 2025.12.17 upon release to remediate this issue. |
| CVE-2025-68143 | | | 2025-12-18 | N/A | N/A | Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other tools which required an existing repository, git_init could operate on any directory accessible to the server process, making those directories eligible for subsequent git operations. The tool was removed entirely, as the server is intended to operate on existing repositories only. Users are advised to upgrade to 2025.9.25 or newer to remediate this issue. |
| CVE-2021-3426 | 6 Debian, Fedoraproject, Netapp and 3 more | 10 Debian Linux, Fedora, Cloud Backup and 7 more | 2025-12-18 | 2.7 LOW | 5.7 MEDIUM | There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. |
| CVE-2025-43463 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 5.5 MEDIUM | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sonoma 14.8.3, macOS Tahoe 26.1, macOS Sequoia 15.7.3. An app may be able to access sensitive user data. |
| CVE-2025-43382 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 5.5 MEDIUM | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access sensitive user data. |
| CVE-2020-36893 | 1 Eibiz | 1 I-media Server Digital Signage | 2025-12-17 | N/A | 7.5 HIGH | Eibiz i-Media Server Digital Signage 3.8.0 contains a directory traversal vulnerability that allows unauthenticated remote attackers to access files outside the server's root directory. Attackers can exploit the 'oldfile' GET parameter to view sensitive configuration files like web.xml and system files such as win.ini. |
| CVE-2020-36898 | 1 Howfor | 1 Qihang Media Web Digital Signage | 2025-12-17 | N/A | 9.1 CRITICAL | QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary files with web server permissions using directory traversal sequences. |
| CVE-2025-65792 | 1 Datagear | 1 Datagear | 2025-12-17 | N/A | 9.1 CRITICAL | DataGear v5.5.0 is vulnerable to Arbitrary File Deletion. |
| CVE-2025-65814 | 1 A1apps | 1 Office App-edit Word, Pdf File | 2025-12-17 | N/A | 6.5 MEDIUM | A lack of security checks in the file import process of RHOPHI Analytics LLP Office App-Edit Word v6.4.1 allows attackers to execute a directory traversal. |
| CVE-2025-67643 | 1 Jenkins | 1 Redpen - Pipeline Reporter For Jira | 2025-12-17 | N/A | 4.3 MEDIUM | Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b_9517b_6b_202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspace directory. |
| CVE-2016-20023 | 1 Cksource | 1 Ckfinder | 2025-12-17 | N/A | 5.0 MEDIUM | In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided. |
| CVE-2025-43465 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 5.5 MEDIUM | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data. |
| CVE-2025-65345 | 1 Alexusmai | 1 Laravel File Manager | 2025-12-16 | N/A | 6.5 MEDIUM | alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The zip/archiving functionality allows an attacker to create archives containing files and directories outside the intended scope due to improper path validation. |
| CVE-2025-54307 | 1 Thermofisher | 1 Torrent Suite Software | 2025-12-16 | N/A | 8.8 HIGH | An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. The /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bundle/upload/ endpoints allow low-privilege users to upload ZIP files to the server. The plupload_file_upload function handles these file uploads and constructs the destination file path by using either the name parameter or the uploaded filename, neither of which is properly sanitized. The file extension is extracted by splitting the filename, and a format string is used to construct the final file path, leaving the destination path vulnerable to path traversal. An authenticated attacker with network connectivity can write arbitrary files to the server, enabling remote code execution after overwriting an executable file. An example is the pdflatex executable, which is executed through subprocess.Popen in the write_report_pdf function after requests to a /report/latex/(\d+).pdf endpoint. |
| CVE-2025-65346 | 1 Alexusmai | 1 Laravel File Manager | 2025-12-16 | N/A | 9.1 CRITICAL | alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths. |
| CVE-2015-10136 | 1 Zishanj | 1 Gi-media-library | 2025-12-16 | N/A | 7.5 HIGH | The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the 'fileid' parameter. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. |
| CVE-2025-61811 | 1 Adobe | 1 Coldfusion | 2025-12-16 | N/A | 9.1 CRITICAL | ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could leverage this vulnerability to bypass security measures and execute malicious code. Exploitation of this issue does not require user interaction and scope is changed. |
| CVE-2022-4510 | 1 Microsoft | 1 Binwalk | 2025-12-16 | N/A | 7.8 HIGH | A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins. This vulnerability is associated with program files src/binwalk/plugins/unpfs.py. This issue affects binwalk from 2.1.2b through 2.3.3 included. |
| CVE-2025-65287 | 1 Cdpenergy | 2 Snmp Web Pro, Snmp Web Pro Firmware | 2025-12-15 | N/A | 4.3 MEDIUM | An unauthenticated directory traversal vulnerability in cgi-bin/upload.cgi in SNMP Web Pro 1.1 allows a remote attacker to read arbitrary files. The CGI concatenates the user-supplied params directly onto the base path (/var/www/files/userScript/) using memcpy + strcat without validation or canonicalization, enabling ../ sequences to escape the intended directory. The download branch also echoes the unsanitized params into Content-Disposition, introducing header-injection risk. |
| CVE-2025-67742 | 1 Jetbrains | 1 Teamcity | 2025-12-15 | N/A | 3.8 LOW | In JetBrains TeamCity before 2025.11 path traversal was possible via file upload. |
