Total
107 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27222 | 1 Rocketsoftware | 1 Trufusion Enterprise | 2025-11-03 | N/A | 8.6 HIGH |
| TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file that is accessible by the TRUfusion user and can also be used to leak cleartext passwords of TRUfusion Enterprise itself. | |||||
| CVE-2025-8088 | 3 Dtsearch, Microsoft, Rarlab | 3 Dtsearch, Windows, Winrar | 2025-10-30 | N/A | 8.8 HIGH |
| A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. | |||||
| CVE-2025-53880 | 2025-10-30 | N/A | N/A | ||
| A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses. | |||||
| CVE-2025-8051 | 1 Opentext | 1 Flipper | 2025-10-28 | N/A | 6.5 MEDIUM |
| Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2. | |||||
| CVE-2025-26352 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 6.5 MEDIUM |
| A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests. | |||||
| CVE-2025-26353 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 4.9 MEDIUM |
| A CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests. | |||||
| CVE-2025-26354 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 7.2 HIGH |
| A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (copy endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests. | |||||
| CVE-2025-26355 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 6.5 MEDIUM |
| A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests. | |||||
| CVE-2025-26356 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 7.2 HIGH |
| A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (setActive endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests. | |||||
| CVE-2025-26357 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 4.9 MEDIUM |
| A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests. | |||||
| CVE-2025-26351 | 1 Q-free | 1 Maxtime | 2025-10-24 | N/A | 4.9 MEDIUM |
| A CWE-35 "Path Traversal" in the template download mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests. | |||||
| CVE-2025-41723 | 2025-10-22 | N/A | 9.8 CRITICAL | ||
| The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations. | |||||
| CVE-2025-43886 | 1 Dell | 1 Powerprotect Data Manager | 2025-10-20 | N/A | 4.4 MEDIUM |
| Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. | |||||
| CVE-2025-43907 | 1 Dell | 1 Data Domain Operating System | 2025-10-14 | N/A | 6.5 MEDIUM |
| Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain a Path Traversal: '.../...//' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | |||||
| CVE-2025-42937 | 2025-10-14 | N/A | 9.8 CRITICAL | ||
| SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality integrity and availability of the application. | |||||
| CVE-2024-45190 | 1 Mage | 1 Mage-ai | 2025-10-10 | N/A | 6.5 MEDIUM |
| Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request | |||||
| CVE-2025-26876 | 1 Codemanas | 1 Search With Typesense | 2025-09-30 | N/A | 6.8 MEDIUM |
| Path Traversal vulnerability in CodeManas Search with Typesense allows Path Traversal. This issue affects Search with Typesense: from n/a through 2.0.8. | |||||
| CVE-2025-20313 | 2025-09-26 | N/A | 6.7 MEDIUM | ||
| Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These vulnerabilities are due path traversal and improper image integrity validation. A successful exploit could allow the attacker to execute persistent code on the underlying operating system. Because this allows the attacker to bypass a major security feature of the device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory. ERP | |||||
| CVE-2025-47636 | 2025-09-15 | N/A | 7.5 HIGH | ||
| Path Traversal vulnerability in Fernando Briano List category posts list-category-posts allows PHP Local File Inclusion.This issue affects List category posts: from n/a through 0.91.0. | |||||
| CVE-2025-48317 | 2025-09-05 | N/A | 7.5 HIGH | ||
| Path Traversal vulnerability in Stefan Keller WooCommerce Payment Gateway for Saferpay allows Path Traversal. This issue affects WooCommerce Payment Gateway for Saferpay: from n/a through 0.4.9. | |||||