Total
137 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-66004 | | | 2026-04-15 | N/A | 5.7 MEDIUM |
| A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user. This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba. | |||||
| CVE-2025-58972 | | | 2026-04-15 | N/A | 7.2 HIGH |
| Path Traversal: '.../...//' vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Path Traversal. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.10.4. | |||||
| CVE-2026-1763 | | | 2026-04-15 | N/A | 4.6 MEDIUM |
| Vulnerability in GE Vernova Enervista UR Setup on Windows. This issue affects Enervista: 8.6 and previous versions. | |||||
| CVE-2024-7608 | | | 2026-04-15 | N/A | 5.9 MEDIUM |
| An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal. | |||||
| CVE-2025-27445 | | | 2026-04-15 | N/A | 5.4 MEDIUM |
| A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file path parameters, allowing attackers to exploit directory traversal sequences (e.g., ../) to access sensitive files. | |||||
| CVE-2025-4956 | | | 2026-04-15 | N/A | 4.3 MEDIUM |
| Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal. This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0. | |||||
| CVE-2025-41723 | | | 2026-04-15 | N/A | 9.8 CRITICAL |
| The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker can bypass the path restriction and upload files to arbitrary locations. | |||||
| CVE-2025-24907 | | | 2026-04-15 | N/A | 6.8 MEDIUM |
| Overview: The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. (CWE-35) Description: Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.2, including 9.3.x and 8.3.x, do not sanitize a user input used as a file path through the CGG Draw API. Impact: This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory. | |||||
| CVE-2024-50054 | | | 2026-04-15 | N/A | 7.5 HIGH |
| The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system. | |||||
| CVE-2025-30014 | | | 2026-04-15 | N/A | 7.7 HIGH |
| SAP Capital Yield Tax Management has a directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from a directory which they don't have access to, hence causing a high impact on confidentiality. Integrity and Availability are not affected. | |||||
| CVE-2024-11136 | | | 2026-04-15 | N/A | N/A |
| The default TCL Camera application exposes a provider vulnerable to path traversal. A malicious application can supply a malicious URI path and delete arbitrary files from the user’s external storage. | |||||
| CVE-2024-45248 | | | 2026-04-15 | N/A | 7.5 HIGH |
| Multi-DNC – CWE-35: Path Traversal: '.../...//' | |||||
| CVE-2025-53417 | | | 2026-04-15 | N/A | N/A |
| DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability | |||||
| CVE-2024-49770 | | | 2026-04-15 | N/A | N/A |
| `oak` is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default `oak` does not allow transferring of hidden files with `Context.send` API. However, prior to version 17.1.3, this can be bypassed by encoding `/` as its URL encoded form `%2F`. For an attacker this has potential to read sensitive user data or to gain access to server secrets. Version 17.1.3 fixes the issue. | |||||
| CVE-2025-53880 | | | 2026-04-15 | N/A | N/A |
| A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses. | |||||
| CVE-2025-42937 | | | 2026-04-15 | N/A | 9.8 CRITICAL |
| SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and overwrite system files, causing high impact on confidentiality, integrity and availability of the application. | |||||
| CVE-2025-64253 | | | 2026-04-15 | N/A | 4.9 MEDIUM |
| Path Traversal: '.../...//' vulnerability in WordPress.org Health Check & Troubleshooting health-check allows Path Traversal. This issue affects Health Check & Troubleshooting: from n/a through <= 1.7.1. | |||||
| CVE-2025-22288 | | | 2026-04-15 | N/A | 4.1 MEDIUM |
| Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal. This issue affects Smush Image Compression and Optimization: from n/a through <= 3.17.0. | |||||
| CVE-2025-5598 | | | 2026-04-15 | N/A | N/A |
| Path Traversal vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Retrieve Embedded Sensitive Data. This issue affects airleader MASTER: 3.0046. | |||||
| CVE-2025-69325 | | | 2026-04-15 | N/A | 5.3 MEDIUM |
| Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Path Traversal. This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.8. | |||||
