Export limit exceeded: 10318 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8898 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-52055 | 1 Wowza | 1 Streaming Engine | 2025-07-12 | N/A |
| Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to read any file on the file system if the target directory contains an XML definition file. | ||||
| CVE-2025-27590 | 1 Oxidized Web Project | 1 Oxidized Web | 2025-07-12 | 9 Critical |
| In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web. | ||||
| CVE-2024-10100 | 1 Binary-husky | 1 Gpt Academic | 2025-07-11 | 7.5 High |
| A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as critical application files, SSH keys, API keys, and configuration values. | ||||
| CVE-2024-8647 | 1 Gitlab | 1 Gitlab | 2025-07-11 | 5.4 Medium |
| An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled. | ||||
| CVE-2024-38292 | 1 Extremenetworks | 1 Xiq-se | 2025-07-11 | 9.8 Critical |
| In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation. | ||||
| CVE-2024-39332 | 1 Webswing | 1 Webswing | 2025-07-10 | 9.8 Critical |
| Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server. | ||||
| CVE-2018-17828 | 2 Gdraheim, Redhat | 2 Zziplib, Enterprise Linux | 2025-07-10 | N/A |
| Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file. | ||||
| CVE-2025-37098 | 1 Hpe | 1 Insight Remote Support | 2025-07-10 | 7.5 High |
| A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646. | ||||
| CVE-2024-44867 | 1 Phpok | 1 Phpok | 2025-07-10 | 7.5 High |
| phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php. | ||||
| CVE-2025-6280 | 1 Superagi | 1 Superagi | 2025-07-09 | 5.5 Medium |
| A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the file SuperAGI/superagi/helper/read_email.py of the component EmailToolKit. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13059 | 1 Mintplexlabs | 1 Anythingllm | 2025-07-09 | N/A |
| A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when the filename transformation introduces '../' sequences, which are not sanitized by multer, allowing attackers with manager or admin roles to write files to arbitrary locations on the server. | ||||
| CVE-2024-4498 | 1 Lollms | 1 Lollms Web Ui | 2025-07-09 | N/A |
| A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the `/apply_settings` function, allowing an attacker to manipulate the `discussion_db_name` parameter to traverse the file system and include arbitrary files. This issue is compounded by the bypass of input filtering in the `install_binding`, `reinstall_binding`, and `unInstall_binding` endpoints, despite the presence of a `sanitize_path_from_endpoint(data.name)` filter. Successful exploitation enables an attacker to upload and execute malicious code on the victim's system, leading to Remote Code Execution (RCE). | ||||
| CVE-2024-1511 | 1 Lollms | 1 Lollms Web Ui | 2025-07-09 | N/A |
| The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various endpoints. The vulnerability can be exploited even when the service is bound to localhost, through cross-site requests facilitated by malicious HTML/JS pages. | ||||
| CVE-2025-28055 | 1 Shinnku | 1 Upset-gal-web | 2025-07-09 | 7.5 High |
| upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit | ||||
| CVE-2025-6278 | 1 Upsonic | 1 Upsonic | 2025-07-08 | 5.5 Medium |
| A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-40348 | 1 Bazarr | 1 Bazarr | 2025-07-08 | 8.2 High |
| An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal. | ||||
| CVE-2025-40573 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-07-08 | 4.4 Medium |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups that are outside the backup folder. | ||||
| CVE-2012-5972 | 1 Specview | 1 Specview | 2025-07-07 | N/A |
| Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI. | ||||
| CVE-2019-0887 | 1 Microsoft | 10 Remote Desktop Client, Windows 10, Windows 11 21h2 and 7 more | 2025-07-07 | 8.0 High |
| A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. | ||||
| CVE-2024-54169 | 3 Ibm, Linux, Microsoft | 3 Entirex, Linux Kernel, Windows | 2025-07-07 | 6.5 Medium |
| IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||