Total
53 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-45582 | 1 Gnu | 1 Tar | 2025-08-18 | N/A | 4.1 MEDIUM |
| GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory. | |||||
| CVE-2025-44962 | 1 Commscope | 31 Ruckus C110, Ruckus E510, Ruckus H320 and 28 more | 2025-08-07 | N/A | 5.0 MEDIUM |
| RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files. | |||||
| CVE-2025-46094 | 1 Liquidfiles | 1 Liquidfiles | 2025-08-07 | N/A | 3.8 LOW |
| LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript. | |||||
| CVE-2022-20656 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2025-07-31 | N/A | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the system. This vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to write arbitrary files to the host system. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. | |||||
| CVE-2025-54769 | 2025-07-29 | N/A | 8.8 HIGH | ||
| An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker. | |||||
| CVE-2025-53513 | 2025-07-10 | N/A | 8.8 HIGH | ||
| The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm. | |||||
| CVE-2025-46646 | 1 Artifex | 1 Ghostscript | 2025-06-23 | N/A | 4.5 MEDIUM |
| In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954. | |||||
| CVE-2024-2318 | 1 Zkteco | 1 Zkbio Media | 2025-06-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../../../zkbio_media.sql leads to path traversal: '../filedir'. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.3 Build 2025-05-26-1605 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-27920 | 1 Srimax | 1 Output Messenger | 2025-05-21 | N/A | 7.2 HIGH |
| Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access. | |||||
| CVE-2025-48050 | 2025-05-16 | N/A | 7.5 HIGH | ||
| In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script which starts a local web server if needed and must be manually started." | |||||
| CVE-2025-47423 | 2025-05-08 | N/A | 5.8 MEDIUM | ||
| Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by reading the server's private SSL key in cleartext. | |||||
| CVE-2024-53636 | 2025-04-29 | N/A | 6.4 MEDIUM | ||
| An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System (SIS) EagleR-1.0.118 allows attackers to execute arbitrary code via ../ in the filePath parameter. | |||||
| CVE-2025-43919 | 1 Gnu | 1 Mailman | 2025-04-28 | N/A | 5.8 MEDIUM |
| GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the username parameter. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used. | |||||
| CVE-2024-3227 | 1 Weaver | 1 E-office | 2025-04-25 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in Panwei eoffice OA up to 9.5. It has been declared as critical. This vulnerability affects unknown code of the file /general/system/interface/theme_set/save_image.php of the component Backend. The manipulation of the argument image_type leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259072. | |||||
| CVE-2025-43928 | 1 Infodraw | 2 Pmrs-102, Pmrs-102 Firmware | 2025-04-24 | N/A | 5.8 MEDIUM |
| In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field. Reading ServerParameters.xml may reveal administrator credentials in cleartext or with MD5 hashing. | |||||
| CVE-2022-1743 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2025-04-17 | 7.2 HIGH | 6.8 MEDIUM |
| The tested version of Dominion Voting System ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files. An attacker could leverage this vulnerability to spread malicious code to ImageCast X devices from the EMS. | |||||
| CVE-2024-22079 | 1 Elspec-ltd | 2 G5dfr, G5dfr Firmware | 2025-04-16 | N/A | 7.5 HIGH |
| An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism. | |||||
| CVE-2025-32807 | 2025-04-11 | N/A | 5.3 MEDIUM | ||
| A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php. | |||||
| CVE-2024-3686 | 1 Dedecms | 1 Dedecms | 2025-04-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file update_guide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260473 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-4790 | 1 Dedecms | 1 Dedecms | 2025-04-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic has been found in DedeCMS 5.7.114. This affects an unknown part of the file /sys_verifies.php?action=view. The manipulation of the argument filename with the input ../../../../../etc/passwd leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263889 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||