Total
7378 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20352 | 1 Cisco | 1 Emergency Responder | 2025-05-07 | N/A | 4.9 MEDIUM |
| A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a directory traversal attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by sending crafted requests to the web UI. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such as accessing password or log files or uploading and deleting existing files from the system. | |||||
| CVE-2022-26884 | 1 Apache | 1 Dolphinscheduler | 2025-05-07 | N/A | 6.5 MEDIUM |
| Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher. | |||||
| CVE-2024-20348 | 1 Cisco | 1 Nexus Dashboard Fabric Controller | 2025-05-07 | N/A | 7.5 HIGH |
| A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files. This vulnerability is due to an unauthenticated provisioning web server. An attacker could exploit this vulnerability through direct web requests to the provisioning server. A successful exploit could allow the attacker to read sensitive files in the PnP container that could facilitate further attacks on the PnP infrastructure. | |||||
| CVE-2021-40661 | 1 Mt | 2 Ind780, Ind780 Firmware | 2025-05-07 | N/A | 7.5 HIGH |
| A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10'). It was possible to traverse the folders of the affected host by providing a traversal path to the 'webpage' parameter in AutoCE.ini This could allow a remote unauthenticated adversary to access additional files on the affected system. This could also allow the adversary to perform further enumeration against the affected host to identify the versions of the systems in use, in order to launch further attacks in future. | |||||
| CVE-2024-28151 | 1 Jenkins | 1 Html Publisher | 2025-05-06 | N/A | 4.3 MEDIUM |
| Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to access it. | |||||
| CVE-2025-29789 | 1 Open-emr | 1 Openemr | 2025-05-06 | N/A | 7.5 HIGH |
| OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue. | |||||
| CVE-2022-32938 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-05-06 | N/A | 5.3 MEDIUM |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. A shortcut may be able to check the existence of an arbitrary path on the file system. | |||||
| CVE-2024-24994 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
| CVE-2024-24992 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
| CVE-2024-23535 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
| CVE-2024-24997 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
| CVE-2024-24999 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
| CVE-2024-25000 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
| CVE-2024-25461 | 1 Creatio | 1 Crm Creatio | 2025-05-06 | N/A | 7.5 HIGH |
| Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component. | |||||
| CVE-2018-1002205 | 1 Dotnetzip.semverd Project | 1 Dotnetzip.semverd | 2025-05-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | |||||
| CVE-2024-27976 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
| CVE-2024-27977 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.1 HIGH |
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service. | |||||
| CVE-2024-31860 | 1 Apache | 1 Zeppelin | 2025-05-06 | N/A | 6.5 MEDIUM |
| Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can access. This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. | |||||
| CVE-2024-27984 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.1 HIGH |
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service. | |||||
| CVE-2022-34662 | 1 Apache | 1 Dolphinscheduler | 2025-05-06 | N/A | 6.5 MEDIUM |
| When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. You could upgrade to version 3.0.0 or higher | |||||