Export limit exceeded: 345283 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8901 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30917 | 1 Eprosima | 1 Fast Dds | 2025-06-17 | 5.5 Medium |
| An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in DurabilityService QoS component. | ||||
| CVE-2023-33177 | 1 Xibosignage | 1 Xibo | 2025-06-17 | 8.8 High |
| Xibo is a content management system (CMS). A path traversal vulnerability exists in the Xibo CMS whereby a specially crafted zip file can be uploaded to the CMS via the layout import function by an authenticated user which would allow creation of files outside of the CMS library directory as the webserver user. This can be used to upload a PHP webshell inside the web root directory and achieve remote code execution as the webserver user. Users should upgrade to version 2.3.17 or 3.3.5, which fix this issue. Customers who host their CMS with Xibo Signage have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. | ||||
| CVE-2025-27956 | 1 Pixeon | 1 Weblaudos | 2025-06-17 | 7.5 High |
| Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter. | ||||
| CVE-2021-46902 | 1 Meinbergglobal | 1 Lantime Firmware | 2025-06-17 | 7.2 High |
| An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls. | ||||
| CVE-2023-40383 | 1 Apple | 1 Macos | 2025-06-17 | 3.3 Low |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data. | ||||
| CVE-2024-34471 | 2 Hsc, Hsclabs | 2 Mailinspector, Mailinspector | 2025-06-17 | 5.4 Medium |
| An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete arbitrary files on the server. This was observed when the mliRealtimeEmails.php file itself was read and subsequently deleted, resulting in a 404 error for the file and disruption of email information loading. | ||||
| CVE-2023-52289 | 1 Sujeetkv | 1 Flaskcode | 2025-06-17 | 7.5 High |
| An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files. | ||||
| CVE-2023-52138 | 1 Mate-desktop | 1 Engrampa | 2025-06-17 | 8.2 High |
| Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by default will follow stored symlinks while extracting and the Archiver will not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa. | ||||
| CVE-2025-4178 | 2 Microsoft, Xiaowei1118 | 2 Windows, Java Server | 2025-06-17 | 5.4 Medium |
| A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical. This issue affects some unknown processing of the file /src/main/java/com/changyu/foryou/controller/FoodController.java of the component File Upload API. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | ||||
| CVE-2024-50648 | 2 Guchengwuyue, Yshopmall | 2 Yshopmall, Yshopmall | 2025-06-17 | 9.8 Critical |
| yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files. | ||||
| CVE-2024-50649 | 2 Python Book, Timgreen | 2 Python Book, Python Book | 2025-06-17 | 9.8 Critical |
| The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability. | ||||
| CVE-2023-39611 | 1 Softwarefx | 1 Chart Fx | 2025-06-16 | 7.5 High |
| An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests. | ||||
| CVE-2024-46212 | 1 Redaxo | 1 Redaxo | 2025-06-13 | 4.9 Medium |
| An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal. | ||||
| CVE-2025-28099 | 1 Fumiao | 1 Opencms | 2025-06-13 | 4.3 Medium |
| opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp, | ||||
| CVE-2024-52771 | 1 Dedebiz | 1 Dedebiz | 2025-06-13 | 9.1 Critical |
| DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the component /admin/file_manage_view. | ||||
| CVE-2024-29460 | 1 Dronecode | 1 Px4 Drone Autopilot | 2025-06-12 | 6.6 Medium |
| An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for crashes of the drone via the home point location of the mission_block.cpp component. | ||||
| CVE-2025-45238 | 1 Qianfox | 1 Foxcms | 2025-06-12 | 9.1 Critical |
| foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method. | ||||
| CVE-2025-45239 | 1 Qianfox | 1 Foxcms | 2025-06-12 | 5.3 Medium |
| An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal. | ||||
| CVE-2025-4329 | 1 74cms | 1 74cms | 2025-06-12 | 4.3 Medium |
| A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2048 | 1 Lana | 1 Lana Downloads Manager | 2025-06-12 | 4.1 Medium |
| The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server | ||||