Export limit exceeded: 344019 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8863 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6925 | 1 Dromara | 1 Ruoyi-vue-plus | 2025-09-16 | 5.3 Medium |
| A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /src/main/java/org/dromara/demo/controller/MailController.java of the component Mail Handler. The manipulation of the argument filePath leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6853 | 1 Chatchat-space | 1 Langchain-chatchat | 2025-09-16 | 6.3 Medium |
| A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function upload_temp_docs of the file /knowledge_base/upload_temp_docs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-55526 | 2 Microsoft, N8n | 5 Windows 11, Fastapi, N8n and 2 more | 2025-09-15 | 9.1 Critical |
| n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the download_workflow function within api_server.py | ||||
| CVE-2024-55213 | 1 Dhtmlx | 1 File Explorer | 2025-09-15 | 6.5 Medium |
| Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function. | ||||
| CVE-2024-55214 | 1 Dhtmlx | 1 File Explorer | 2025-09-15 | 6.5 Medium |
| Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the file download functionality. | ||||
| CVE-2024-57248 | 1 Gleamtech | 1 Filevista | 2025-09-15 | 6.3 Medium |
| Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass access controls, and upload malicious files. | ||||
| CVE-2025-25223 | 1 Luxsoft | 1 Luxcal Web Calendar | 2025-09-15 | 5.3 Medium |
| The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained. | ||||
| CVE-2024-22809 | 1 Tormach | 3 Pathpilot Controller, Pilotpath Controller, Xstech Cnc Router | 2025-09-15 | 6.5 Medium |
| Incorrect access control in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to access the G code's shared folder and view sensitive information. | ||||
| CVE-2024-22815 | 1 Tormach | 3 Pathpilot Controller, Pilotpath Controller, Xstech Cnc Router | 2025-09-15 | 5.3 Medium |
| An issue in the communication protocol of Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) via crafted commands. | ||||
| CVE-2025-6772 | 2 Dbgpt, Eosphoros-ai | 2 Db-gpt, Db-gpt | 2025-09-15 | 7.3 High |
| A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function import_flow of the file /api/v2/serve/awel/flow/import. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-10233 | 2 Kalcaddle, Kodcloud | 2 Kodbox, Kodbox | 2025-09-12 | 6.3 Medium |
| A security vulnerability has been detected in kalcaddle kodbox 1.61. This affects the function fileGet/fileSave of the file app/controller/explorer/editor.class.php. The manipulation of the argument path leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-41714 | 1 Welotec | 1 Smartems | 2025-09-12 | 8.8 High |
| The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended storage location. In certain configurations this enables arbitrary file write and may be leveraged to achieve remote code execution. | ||||
| CVE-2025-59049 | 1 Mockoon | 1 Mockoon | 2025-09-12 | 7.5 High |
| Mockoon provides way to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving follows the same approach presented in the documentation page, where the server filename is generated via templating features from user input is vulnerable to Path Traversal and LFI, allowing an attacker to get any file in the mock server filesystem. The issue may be particularly relevant in cloud hosted server instances. Version 9.2.0 fixes the issue. | ||||
| CVE-2025-10245 | 1 Display Paineis | 1 Tga | 2025-09-12 | 4.3 Medium |
| A security flaw has been discovered in Display Painéis TGA up to 7.1.41. Affected by this issue is some unknown functionality of the file /gallery/rename of the component Galeria Page. The manipulation of the argument current_folder results in path traversal. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-9918 | 2 Google, Google Cloud | 2 Cloud Platform, Secops Soar Server | 2025-09-12 | N/A |
| A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server (versions 6.3.54.0, 6.3.53.2, and all prior versions) allows an authenticated attacker with permissions to import Use Cases to achieve Remote Code Execution (RCE) via uploading a malicious ZIP archive containing path traversal sequences. | ||||
| CVE-2024-8262 | 1 Prolizyazilim | 1 Student Affairs Information System | 2025-09-12 | 9.8 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Proliz Software OBS allows Path Traversal.This issue affects OBS: before 24.0927. | ||||
| CVE-2024-31220 | 1 Lizardbyte | 1 Sunshine | 2025-09-11 | 7.3 High |
| Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.16.0 and prior to version 0.18.0, an attacker may be able to remotely read arbitrary files without authentication due to a path traversal vulnerability. Users who exposed the Sunshine configuration web user interface outside of localhost may be affected, depending on firewall configuration. To exploit vulnerability, attacker could make an http/s request to the `node_modules` endpoint if user exposed Sunshine config web server to internet or attacker is on the LAN. Version 0.18.0 contains a patch for this issue. As a workaround, one may block access to Sunshine via firewall. | ||||
| CVE-2025-5385 | 2 Huayi-tec, Jeewms | 2 Jeewms, Jeewms | 2025-09-11 | 6.3 Medium |
| A vulnerability was found in JeeWMS up to 20250504. It has been declared as critical. This vulnerability affects the function doAdd of the file /cgformTemplateController.do?doAdd. The manipulation leads to path traversal. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
| CVE-2018-18434 | 1 Linlinjava | 1 Litemall | 2025-09-11 | N/A |
| An issue was discovered in litemall 0.9.0. Arbitrary file download is possible via ../ directory traversal in linlinjava/litemall/wx/web/WxStorageController.java in the litemall-wx-api component. | ||||
| CVE-2025-47415 | 1 Crestron | 2 Touchscreens X60, Touchscreens X70 | 2025-09-11 | N/A |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CRESTRON TOUCHSCREENS x70 allows Relative Path Traversal.This issue affects TOUCHSCREENS x70: from 3.000.0110.001 before 3.001.0031.001. Confirmed Affected Hardware: TSW-760, TSW-1060 Confirmed Affected Firmware: 3.002.1061 - (no fix released, product discontinued) For x70 The Affected Firmware:- 3.000.0110.001 and versions below The Fixed Firmware:- 3.001.0031.001 | ||||