Search Results (8938 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-30417 1 Huawei 2 Emui, Harmonyos 2025-03-29 7.5 High
Path traversal vulnerability in the Bluetooth-based sharing module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2022-39812 1 Italtel 1 Netmatch-s Ci 2025-03-28 7.5 High
Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST request (not possible using the GUI) to an arbitrary directory. Because the application does not check in which directory a file will be uploaded, an attacker can perform a variety of attacks that can result in unauthorized access to the server.
CVE-2019-25053 1 Sage 1 Sage Frp 1000 2025-03-28 7.5 High
A path traversal vulnerability exists in Sage FRP 1000 before November 2019. This allows remote unauthenticated attackers to access files outside of the web tree via a crafted URL.
CVE-2025-23059 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-28 6.8 Medium
A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive data, potentially compromising the integrity and security of the entire system.
CVE-2024-44720 1 Seacms 1 Seacms 2025-03-28 7.5 High
SeaCMS v13.1 was discovered to contain an arbitrary file read vulnerability via the component admin_safe.php.
CVE-2025-25800 1 Seacms 1 Seacms 2025-03-28 5.3 Medium
SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe_file.php.
CVE-2022-25936 1 Servst Project 1 Servst 2025-03-27 7.5 High
Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable.
CVE-2022-43979 1 Pandorafms 1 Pandora Fms 2025-03-27 5.9 Medium
There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characters, but this check is insufficient. An attacker could insert an absolute path to overcome the check, thus being able to include any PHP file that resides on the disk. The exploitation of this vulnerability could lead to a remote code execution.
CVE-2022-2712 1 Eclipse 1 Glassfish 2025-03-27 6.5 Medium
In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request paths starting with './'. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.
CVE-2022-46835 1 Sailpoint 1 Identityiq 2025-03-27 8.8 High
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950.
CVE-2022-39059 1 Changingtec 1 Megaservisignadapter 2025-03-27 7.5 High
ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files.
CVE-2024-50843 1 Phpgurukul 2 User Registration & Login And User Management System, User Registration And Login And User Management System 2025-03-27 5.3 Medium
A Directory listing issue was found in PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to access sensitive files and directories via /loginsystem/assets.
CVE-2022-45783 1 Dotcms 1 Dotcms 2025-03-27 6.5 Medium
An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution.
CVE-2023-49508 1 Yetiforce 1 Yetiforce Customer Relationship Management 2025-03-27 6.5 Medium
Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component.
CVE-2023-23136 1 Lmxcms 1 Lmxcms 2025-03-27 6.5 Medium
lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php.
CVE-2023-0454 1 Orangescrum 1 Orangescrum 2025-03-27 8.1 High
OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path.
CVE-2022-47768 1 Serinf 1 Fast Checkin 2025-03-27 7.5 High
Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Traversal.
CVE-2023-0592 1 Jefferson Project 1 Jefferson 2025-03-27 5.5 Medium
A path traversal vulnerability affects jefferson's JFFS2 filesystem extractor. By crafting malicious JFFS2 files, attackers could force jefferson to write outside of the extraction directory. This issue affects jefferson: before 0.4.1.
CVE-2023-0593 1 Yaffshiv Project 1 Yaffshiv 2025-03-27 5.5 Medium
A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to version 0.1 included, which is the most recent at time of publication.
CVE-2025-30343 1 Openslides 1 Openslides 2025-03-27 3 Low
A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to OpenSlides meetings and organized in folders. The interface allows users to download a ZIP archive that contains all files in a folder and its subfolders. If an attacker specifies the title of a file or folder as a relative or absolute path (e.g., ../../../etc/passwd), the ZIP archive generated for download converts that title into a path. Depending on the extraction tool used by the user, this might overwrite files locally outside of the chosen directory.