Total
277 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-25048 | 1 Ibm | 1 Jazz Foundation | 2026-01-09 | N/A | 6.5 MEDIUM |
| IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory. | |||||
| CVE-2025-15225 | 1 Sun.net | 1 Wmpro | 2025-12-31 | N/A | 7.5 HIGH |
| WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to read arbitrary system files. | |||||
| CVE-2024-47856 | 1 Rsa | 1 Authentication Agent For Windows | 2025-12-30 | N/A | 9.8 CRITICAL |
| In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks. An adversary can place an executable in a higher-level directory of the path, and Windows will resolve that executable instead of the intended executable. | |||||
| CVE-2024-12642 | 1 Cht | 1 Tenderdoctransfer | 2025-12-23 | N/A | 8.1 HIGH |
| TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains a Relative Path Traversal vulnerability, allowing attackers to write arbitrary files to any path on the user's system. | |||||
| CVE-2025-66626 | 1 Argoproj | 1 Argo Workflows | 2025-12-19 | N/A | 8.1 HIGH |
| Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4, contain unsafe untar code that handles symbolic links in archives. Concretely, the computation of a link's target and the subsequent check are flawed. An attacker can overwrite the file /var/run/argo/argoexec with a script of their choice, which would be executed at the pod's start. The patch deployed against CVE-2025-62156 is ineffective against malicious archives containing symbolic links. This issue is fixed in versions 3.6.14 and 3.7.5. | |||||
| CVE-2016-20023 | 1 Cksource | 1 Ckfinder | 2025-12-17 | N/A | 5.0 MEDIUM |
| In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided. | |||||
| CVE-2025-40605 | 1 Sonicwall | 10 Email Security Appliance 5000, Email Security Appliance 5000 Firmware, Email Security Appliance 5050 and 7 more | 2025-12-12 | N/A | 5.3 MEDIUM |
| A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path. | |||||
| CVE-2025-62552 | 1 Microsoft | 4 365 Apps, Access, Office and 1 more | 2025-12-09 | N/A | 7.8 HIGH |
| Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-13771 | 1 Uniong | 1 Webitr | 2025-12-01 | N/A | 6.5 MEDIUM |
| WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. | |||||
| CVE-2025-64446 | 1 Fortinet | 1 Fortiweb | 2025-11-21 | N/A | 9.8 CRITICAL |
| A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests. | |||||
| CVE-2025-64757 | 1 Astro | 1 Astro | 2025-11-20 | N/A | 3.5 LOW |
| Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote attackers to read any image file accessible to the Node.js process on the host system. This issue has been patched in version 5.14.3. | |||||
| CVE-2025-58463 | 1 Qnap | 3 Download Station, Qts, Quts Hero | 2025-11-17 | N/A | 4.9 MEDIUM |
| A relative path traversal vulnerability has been reported to affect Download Station. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: Download Station 5.10.0.305 ( 2025/09/16 ) and later Download Station 5.10.0.304 ( 2025/09/08 ) and later | |||||
| CVE-2025-58464 | 1 Qnap | 1 Qumagie | 2025-11-14 | N/A | 7.5 HIGH |
| A relative path traversal vulnerability has been reported to affect QuMagie. If a remote attacker, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: QuMagie 2.7.3 and later | |||||
| CVE-2025-44163 | 1 Raspap | 1 Raspap-webgui | 2025-11-10 | N/A | 6.3 MEDIUM |
| RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/get_wgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the `entity` parameter to overwrite arbitrary files writable by the web server via abuse of the `tee` command used in shell execution. | |||||
| CVE-2021-40870 | 1 Aviatrix | 1 Controller | 2025-11-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. | |||||
| CVE-2024-54449 | 1 Logicaldoc | 1 Logicaldoc | 2025-11-07 | N/A | 8.8 HIGH |
| The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with controlled contents to an arbitrary location on the underlying file system. This can be used to facilitate RCE. An account with ‘read’ and ‘write’ privileges on at least one existing document in the application is required to exploit the vulnerability. Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC. | |||||
| CVE-2025-59682 | 1 Djangoproject | 1 Django | 2025-11-04 | N/A | 3.1 LOW |
| An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory. | |||||
| CVE-2025-27610 | 1 Rack | 1 Rack | 2025-11-03 | N/A | 7.5 HIGH |
| Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, `Rack::Static` can serve files under the specified `root:` even if `urls:` are provided, which may expose other files under the specified `root:` unexpectedly. The vulnerability occurs because `Rack::Static` does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. By exploiting this vulnerability, an attacker can gain access to all files under the specified `root:` directory, provided they are able to determine then path of the file. Versions 2.2.13, 3.0.14, and 3.1.12 contain a patch for the issue. Other mitigations include removing usage of `Rack::Static`, or ensuring that `root:` points at a directory path which only contains files which should be accessed publicly. It is likely that a CDN or similar static file server would also mitigate the issue. | |||||
| CVE-2025-26349 | 1 Q-free | 1 Maxtime | 2025-10-24 | N/A | 7.2 HIGH |
| A CWE-23 "Relative Path Traversal" in the file upload mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite arbitrary files via crafted HTTP requests. | |||||
| CVE-2024-56340 | 1 Ibm | 1 Cognos Analytics | 2025-10-17 | N/A | 6.5 MEDIUM |
| IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter. | |||||