Total
7378 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-48510 | 2 Dotnetzip.semverd Project, Mihula | 2 Dotnetzip.semverd, Prodotnetzip | 2025-05-02 | N/A | 9.8 CRITICAL |
Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2022-37866 | 1 Apache | 1 Ivy | 2025-05-01 | N/A | 7.5 HIGH |
When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characters for Ivy coordinates in general - it is possible the artifacts are stored outside of Ivy's local cache or repository or can overwrite different artifacts inside of the local cache. In order to exploit this vulnerability an attacker needs collaboration by the remote repository as Ivy will issue http requests containing ".." sequences and a "normal" repository will not interpret them as part of the artifact coordinates. Users of Apache Ivy 2.0.0 to 2.5.1 should upgrade to Ivy 2.5.1. | |||||
CVE-2024-40712 | 1 Veeam | 1 Veeam Backup & Replication | 2025-05-01 | N/A | 7.8 HIGH |
A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE). | |||||
CVE-2024-34787 | 1 Ivanti | 1 Endpoint Manager | 2025-05-01 | N/A | 7.8 HIGH |
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | |||||
CVE-2022-20453 | 1 Google | 1 Android | 2025-05-01 | N/A | 5.5 MEDIUM |
In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-240685104 | |||||
CVE-2024-43440 | 1 Moodle | 1 Moodle | 2025-05-01 | N/A | 7.5 HIGH |
A flaw was found in Moodle. A local file may include risks when restoring block backups. | |||||
CVE-2024-43434 | 1 Moodle | 1 Moodle | 2025-05-01 | N/A | 8.1 HIGH |
The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability. | |||||
CVE-2023-4990 | 2 Espeak-ng, Mcl-collection | 3 Espeak Ng, Mcl-net, Mcl-net Firmware | 2025-05-01 | N/A | 8.3 HIGH |
Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files. | |||||
CVE-2024-52883 | 1 Audiocodes | 1 One Voice Operations Center | 2025-05-01 | N/A | 7.5 HIGH |
An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication. | |||||
CVE-2024-37032 | 1 Ollama | 1 Ollama | 2025-05-01 | N/A | 8.8 HIGH |
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring. | |||||
CVE-2018-5716 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-04-30 | 8.5 HIGH | 8.1 HIGH |
An issue was discovered in Reprise License Manager 11.0. This vulnerability is a Path Traversal where the attacker, by changing a field in the Web Request, can have access to files on the File System of the Server. By specifying a pathname in the POST parameter "lf" to the goform/edit_lf_get_data URI, the attacker can retrieve the content of a file. | |||||
CVE-2021-37500 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-04-30 | N/A | 8.1 HIGH |
Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file on the server. | |||||
CVE-2022-42977 | 1 Atlassian | 1 Confluence Data Center | 2025-04-30 | N/A | 7.5 HIGH |
The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be downloaded. | |||||
CVE-2022-45388 | 1 Jenkins | 1 Config Rotator | 2025-04-30 | N/A | 7.5 HIGH |
Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system. | |||||
CVE-2024-25164 | 1 Idurarapp | 1 Idurar | 2025-04-30 | N/A | 7.5 HIGH |
A Path Traversal vulnerability exists in iDURAR v2.0.0, that allows unauthenticated attackers to expose sensitive files via the download functionality. | |||||
CVE-2024-29434 | 1 Alldata | 1 Alldata | 2025-04-30 | N/A | 8.3 HIGH |
An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file. | |||||
CVE-2025-22926 | 1 Os4ed | 1 Opensis | 2025-04-30 | N/A | 9.8 CRITICAL |
An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename. | |||||
CVE-2022-44008 | 1 Backclick | 1 Backclick | 2025-04-30 | N/A | 6.5 MEDIUM |
An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat server directly. | |||||
CVE-2022-44006 | 1 Backclick | 1 Backclick | 2025-04-30 | N/A | 9.8 CRITICAL |
An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote code execution is possible, e.g., by uploading an executable file. | |||||
CVE-2022-43264 | 1 Guitar-pro | 1 Guitar Pro | 2025-04-30 | N/A | 7.5 HIGH |
Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to perform directory traversal and download arbitrary files via a crafted web request. |