Total
7378 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45381 | 1 Jenkins | 1 Pipeline Utility Steps | 2025-04-30 | N/A | 8.1 HIGH |
| Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system. | |||||
| CVE-2022-42892 | 1 Siemens | 1 Syngo Dynamics Cardiovascular Imaging And Information System | 2025-04-30 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow directory listing in any folder accessible to the account assigned to the website’s application pool. | |||||
| CVE-2022-42125 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-04-30 | N/A | 7.5 HIGH |
| Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module. | |||||
| CVE-2022-38165 | 1 Withsecure | 1 F-secure Policy Manager | 2025-04-30 | N/A | 9.8 CRITICAL |
| Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server. | |||||
| CVE-2024-20345 | 1 Cisco | 1 Appdynamics Controller | 2025-04-30 | N/A | 6.5 MEDIUM |
| A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device. | |||||
| CVE-2022-41712 | 1 Frappe | 1 Frappe | 2025-04-29 | N/A | 6.5 MEDIUM |
| Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter. | |||||
| CVE-2025-3300 | 2025-04-29 | N/A | 7.2 HIGH | ||
| The WPMasterToolKit (WPMTK) – All in one plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to read and modify the contents of arbitrary files on the server, which can contain sensitive information. | |||||
| CVE-2025-3065 | 2025-04-29 | N/A | 9.1 CRITICAL | ||
| The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | |||||
| CVE-2025-1565 | 2025-04-29 | N/A | 7.5 HIGH | ||
| The Mayosis Core plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.4.1 via the library/wave-audio/peaks/remote_dl.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | |||||
| CVE-2025-28354 | 2025-04-29 | N/A | 6.5 MEDIUM | ||
| An issue in the Printer Manager Systm of Entrust Corp Printer Manager D3.18.4-3 and below allows attackers to execute a directory traversal via a crafted POST request. | |||||
| CVE-2025-27937 | 2025-04-29 | N/A | 6.5 MEDIUM | ||
| Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). If exploited, an arbitrary file in the affected product may be obtained by a remote attacker who can log in to the product. | |||||
| CVE-2025-26692 | 2025-04-29 | N/A | 8.1 HIGH | ||
| Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). If exploited, arbitrary code may be executed by a remote unauthenticated attacker with the Windows system privilege where the product is running. | |||||
| CVE-2018-14847 | 1 Mikrotik | 1 Routeros | 2025-04-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. | |||||
| CVE-2022-45921 | 1 Fusionauth | 1 Fusionauth | 2025-04-28 | N/A | 7.5 HIGH |
| FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process. | |||||
| CVE-2022-39178 | 1 Webvendome Project | 1 Webvendome | 2025-04-28 | N/A | 5.3 MEDIUM |
| Webvendome - webvendome Internal Server IP Disclosure. Send GET Request to the request which is shown in the picture. Internal Server IP and Full path disclosure. | |||||
| CVE-2022-44653 | 1 Trendmicro | 1 Apex One | 2025-04-28 | N/A | 7.8 HIGH |
| A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2025-28072 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2025-04-28 | N/A | 7.5 HIGH |
| PHPGurukul Pre-School Enrollment System is vulnerable to Directory Traversal in manage-teachers.php. | |||||
| CVE-2024-55516 | 1 Raisecom | 8 Msg1200, Msg1200 Firmware, Msg2100e and 5 more | 2025-04-28 | N/A | 9.1 CRITICAL |
| A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 v3.90. The component affected by this issue is /upload_sysconfig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions. | |||||
| CVE-2024-55515 | 1 Raisecom | 8 Msg1200, Msg1200 Firmware, Msg2100e and 5 more | 2025-04-28 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_ipslib.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded. | |||||
| CVE-2024-55513 | 1 Raisecom | 8 Msg1200, Msg1200 Firmware, Msg2100e and 5 more | 2025-04-28 | N/A | 9.1 CRITICAL |
| A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_netaction.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions. | |||||