Total
7761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-64433 | 1 Kubevirt | 1 Kubevirt | 2025-11-25 | N/A | 6.5 MEDIUM |
| KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks into a VM. Specifically, if a malicious user has full or partial control over the contents of a PVC, they can create a symbolic link that points to a file within the virt-launcher pod's file system. Since libvirt can treat regular files as block devices, any file on the pod's file system that is symlinked in this way can be mounted into the VM and subsequently read. Although a security mechanism exists where VMs are executed as an unprivileged user with UID 107 inside the virt-launcher container, limiting the scope of accessible resources, this restriction is bypassed due to a second vulnerability. The latter causes the ownership of any file intended for mounting to be changed to the unprivileged user with UID 107 prior to mounting. As a result, an attacker can gain access to and read arbitrary files located within the virt-launcher pod's file system or on a mounted PVC from within the guest VM. This vulnerability is fixed in 1.5.3 and 1.6.1. | |||||
| CVE-2025-32431 | 1 Traefik | 1 Traefik | 2025-11-25 | N/A | 9.1 CRITICAL |
| Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2. There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a /../ in its path, it’s possible to target a backend, exposed using another router, by-passing the middlewares chain. This issue has been patched in versions 2.11.24, 3.3.6, and 3.4.0-rc2. A workaround involves adding a `PathRegexp` rule to the matcher to prevent matching a route with a `/../` in the path. | |||||
| CVE-2025-64765 | 1 Astro | 1 Astro | 2025-11-25 | N/A | 5.3 MEDIUM |
| Astro is a web framework. Prior to version 5.15.8, a mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI() to determine which route to render, while the middleware uses context.url.pathname without applying the same normalization (decodeURI). This discrepancy may allow attackers to reach protected routes using encoded path variants that pass routing but bypass validation checks. This issue has been patched in version 5.15.8. | |||||
| CVE-2025-47952 | 1 Traefik | 1 Traefik | 2025-11-25 | N/A | 9.1 CRITICAL |
| Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it’s possible to target a backend, exposed using another router, by-passing the middlewares chain. This issue has been patched in versions 2.11.25 and 3.4.1. | |||||
| CVE-2025-6020 | 2025-11-25 | N/A | 7.8 HIGH | ||
| A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. | |||||
| CVE-2025-11001 | 2 7-zip, Microsoft | 2 7-zip, Windows | 2025-11-24 | N/A | 7.8 HIGH |
| 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26753. | |||||
| CVE-2024-8165 | 1 Beikeshop | 1 Beikeshop | 2025-11-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was identified in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This vulnerability affects the function exportZip of the file /admin/file_manager/export. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit is publicly available and might be used. Upgrading to version 1.6.0 is able to resolve this issue. It is suggested to upgrade the affected component. | |||||
| CVE-2024-8163 | 1 Beikeshop | 1 Beikeshop | 2025-11-24 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 1.6.0 can resolve this issue. You should upgrade the affected component. | |||||
| CVE-2025-41736 | 1 Metz-connect | 6 Ewio2-bm, Ewio2-bm Firmware, Ewio2-m and 3 more | 2025-11-21 | N/A | 8.8 HIGH |
| A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a remote code execution. | |||||
| CVE-2025-58423 | 1 Advantech | 1 Deviceon\/iedge | 2025-11-21 | N/A | 8.8 HIGH |
| Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account. | |||||
| CVE-2025-12923 | 1 1000mz | 1 Chestnutcms | 2025-11-21 | 3.3 LOW | 2.7 LOW |
| A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-34320 | 2025-11-21 | N/A | N/A | ||
| BASIS BBj versions prior to 25.00 contain a Jetty-served web endpoint that fails to properly validate or canonicalize input path segments. This allows unauthenticated directory traversal sequences to cause the server to read arbitrary system files accessible to the account running the service. Retrieved configuration artifacts may contain account credentials used for BBj Enterprise Manager; possession of these credentials enables administrative access and use of legitimate management functionality that can result in execution of system commands under the service account. Depending on the operating system and the privileges of the BBj service account, this issue may also allow access to other sensitive files on the host, including operating system or application data, potentially exposing additional confidential information. | |||||
| CVE-2025-10472 | 1 Harry0703 | 1 Moneyprinterturbo | 2025-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function download_video/stream_video of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument file_path leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-11607 | 1 Harry0703 | 1 Moneyprinterturbo | 2025-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function upload_music of the file app/controllers/v1/music.py of the component API Endpoint. Executing manipulation of the argument File can lead to path traversal. The attack may be performed from remote. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-34031 | 1 Geoffrowland | 1 Jmol | 2025-11-20 | N/A | 7.5 HIGH |
| A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the file_get_contents() function without proper validation, allowing attackers to read arbitrary files from the server's filesystem by crafting a malicious query value. This vulnerability can be exploited without authentication and may expose sensitive configuration data, including database credentials. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC. | |||||
| CVE-2025-34023 | 2025-11-20 | N/A | N/A | ||
| A path traversal vulnerability exists in the Karel IP1211 IP Phone's web management panel. The /cgi-bin/cgiServer.exx endpoint fails to properly sanitize user input to the page parameter, allowing remote authenticated attackers to access arbitrary files on the underlying system by using crafted path traversal sequences. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC. | |||||
| CVE-2025-34022 | 2025-11-20 | N/A | N/A | ||
| A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC. | |||||
| CVE-2018-25124 | 2025-11-20 | N/A | N/A | ||
| PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path' parameter. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC. | |||||
| CVE-2025-7896 | 1 Harry0703 | 1 Moneyprinterturbo | 2025-11-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is the function download_video/delete_video of the file app/controllers/v1/video.py. The manipulation leads to path traversal. The attack can be launched remotely. | |||||
| CVE-2025-8941 | 2025-11-20 | N/A | 7.8 HIGH | ||
| A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020. | |||||