Total: 7751 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-13435 | 1 Dreampie | 1 Resty | 2025-12-11 | 5.1 MEDIUM | 5.6 MEDIUM |
| A security vulnerability has been detected in Dreampie Resty up to 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the component HttpClient Module. Such manipulation of the argument filename leads to path traversal. The attack may be performed remotely. Attacks of this nature are highly complex. The exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-12382 | 2 Algosec, Linux | 2 Firewall Analyzer, Linux Kernel | 2025-12-11 | N/A | 8.8 HIGH |
| Improper Limitation of a Pathname ('Path Traversal') vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory, leading to code injection. This issue affects Algosec Firewall Analyzer: A33.0 (up to build 320), A33.10 (up to build 210). | |||||
| CVE-2025-14182 | 1 Sobey | 1 Media Convergence System | 2025-12-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in Sobey Media Convergence System 2.0/2.1. This vulnerability affects unknown code of the file /sobey-mchEditor/watermark/upload. The manipulation of the argument File leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-13661 | 1 Ivanti | 1 Endpoint Manager | 2025-12-11 | N/A | 7.1 HIGH |
| Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required. | |||||
| CVE-2025-64057 | 1 Tenda | 2 X210, X210 Firmware | 2025-12-10 | N/A | 8.3 HIGH |
| Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts. | |||||
| CVE-2023-51364 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-12-10 | N/A | 8.7 HIGH |
| A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later. | |||||
| CVE-2023-51365 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-12-10 | N/A | 8.7 HIGH |
| A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later. | |||||
| CVE-2025-54293 | 2 Canonical, Linux | 2 Lxd, Linux Kernel | 2025-12-10 | N/A | 6.5 MEDIUM |
| Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links. | |||||
| CVE-2025-54292 | 1 Canonical | 1 Lxd | 2025-12-10 | N/A | 4.6 MEDIUM |
| Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths. | |||||
| CVE-2025-6218 | 2 Microsoft, Rarlab | 2 Windows, Winrar | 2025-12-10 | N/A | 7.8 HIGH |
| RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198. | |||||
| CVE-2025-60024 | 1 Fortinet | 1 Fortivoice | 2025-12-09 | N/A | 8.8 HIGH |
| Multiple Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerabilities [CWE-22] in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 may allow a privileged authenticated attacker to write arbitrary files, specifically via HTTP or HTTPS commands. | |||||
| CVE-2025-14311 | | | 2025-12-09 | N/A | N/A |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JMRI. This issue affects JMRI: before 5.13.3. | |||||
| CVE-2025-14306 | | | 2025-12-09 | N/A | N/A |
| A directory traversal vulnerability exists in the CacheCleaner component of Robocode version 1.9.3.6. The recursivelyDelete method fails to properly sanitize file paths, allowing attackers to traverse directories and delete arbitrary files on the system. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the file path, leading to potential unauthorized file deletions. https://robo-code.blogspot.com/ | |||||
| CVE-2024-12425 | 2 Debian, Libreoffice | 2 Debian Linux, Libreoffice | 2025-12-08 | N/A | 3.3 LOW |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before 24.8.4. | |||||
| CVE-2025-14220 | | | 2025-12-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2013-5979 | 1 Xibosignage | 1 Xibo | 2025-12-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php. | |||||
| CVE-2023-7077 | 1 Sharp | 52 Nec E705, Nec E705 Firmware, Nec E805 and 49 more | 2025-12-08 | N/A | 9.8 CRITICAL |
| Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allow an attacker to execute remote code by sending unintended parameters in an HTTP request. | |||||
| CVE-2025-29843 | 1 Synology | 1 Router Manager | 2025-12-05 | N/A | 5.4 MEDIUM |
| A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files. | |||||
| CVE-2025-29844 | 1 Synology | 1 Router Manager | 2025-12-05 | N/A | 4.3 MEDIUM |
| A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information. | |||||
| CVE-2025-29845 | 1 Synology | 1 Router Manager | 2025-12-05 | N/A | 4.3 MEDIUM |
| A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files. | |||||
