Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2758 | 1 Jetty | 1 Jetty | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747.
|
|||||
| CVE-2005-0372 | 1 Gnome | 1 Gtk | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
|
|||||
| CVE-2006-0871 | 1 Mambo | 1 Mambo | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector.
|
|||||
| CVE-2002-2240 | 1 Myserver | 1 Myserver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in MyServer 0.11 and 0.2 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP GET request.
|
|||||
| CVE-2006-4013 | 1 Symantec | 1 Brightmail Antispam | 2025-04-03 | 7.6 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and (2) DATABLOB-SAVE requests.
|
|||||
| CVE-2005-4600 | 1 Moxiecode | 1 Tinymce Compressor Php | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.
|
|||||
| CVE-2003-1430 | 3 Epic Games, Linux, Microsoft | 3 Unreal Engine, Linux Kernel, All Windows | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL.
|
|||||
| CVE-2003-1545 | 2 Nukestyles, Phpnuke | 2 Viewpage, Nukestyles Viewpage Module | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon.
|
|||||
| CVE-2006-3934 | 1 Alkacon | 1 Opencms | 2025-04-03 | 4.0 MEDIUM | N/A |
|
Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter.
|
|||||
| CVE-2006-2516 | 1 Xoops | 1 Xoops | 2025-04-03 | 5.1 MEDIUM | N/A |
|
mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file.
|
|||||
| CVE-2006-2337 | 1 D-link | 1 Dsl-g604t | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter.
|
|||||
| CVE-2006-1095 | 1 Apache | 1 Mod Python | 2025-04-03 | 7.2 HIGH | N/A |
|
Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
|
|||||
| CVE-2003-1380 | 1 Bisonftp | 1 Bisonftp Server 4 | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @../FILE" command.
|
|||||
| CVE-2004-2745 | 1 Anteco Visual Technologies | 1 Ownserver | 2025-04-03 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in Anteco Visual Technologies OwnServer 1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
|
|||||
| CVE-2006-0976 | 1 Spid | 1 Spid | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in scan_lang_insert.php in Boris Herbiniere-Seve SPiD 1.3.1 allows remote attackers to read arbitrary files via the lang parameter.
|
|||||
| CVE-2003-1413 | 1 Apple | 2 Darwin Streaming Server, Quicktime Streaming Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.
|
|||||
| CVE-2023-23314 | 1 Zdir Project | 1 Zdir | 2025-04-02 | N/A | 8.8 HIGH |
|
An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file.
|
|||||
| CVE-2025-30841 | 2025-04-02 | N/A | 9.9 CRITICAL | ||
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock allows Remote Code Inclusion. This issue affects Countdown & Clock: from n/a through 2.8.8.
|
|||||
| CVE-2023-24455 | 1 Jenkins | 1 Visual Expert | 2025-04-02 | N/A | 4.3 MEDIUM |
|
Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
|
|||||
| CVE-2023-24449 | 1 Jenkins | 1 Pwauth Security Realm | 2025-04-02 | N/A | 4.3 MEDIUM |
|
Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
|
|||||
| CVE-2022-31706 | 1 Vmware | 1 Vrealize Log Insight | 2025-04-02 | N/A | 9.8 CRITICAL |
|
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
|
|||||
| CVE-2024-57170 | 1 Soplanning | 1 Soplanning | 2025-04-02 | N/A | 6.5 MEDIUM |
|
SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichier_to_delete" parameter allows authenticated attackers to specify file paths containing directory traversal sequences (e.g., ../). This vulnerability enables attackers to delete arbitrary files outside the intended upload directory, potentially leading to denial of service or disruption of application functionality.
|
|||||
| CVE-2020-18331 | 1 Chinamobileltd | 2 Gpn2.4p21-c-cn, Gpn2.4p21-c-cn Firmware | 2025-04-01 | N/A | 9.1 CRITICAL |
|
Directory traversal vulnerability in ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01(hardware platform Gpn2.4P21-C_WIFI-V0.05), via the getpage parameter to /cgi-bin/webproc.
|
|||||
| CVE-2020-18330 | 1 Chinamobileltd | 2 Gpn2.4p21-c-cn, Gpn2.4p21-c-cn Firmware | 2025-04-01 | N/A | 9.1 CRITICAL |
|
An issue was discovered in the default configuration of ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01(hardware platform Gpn2.4P21-C_WIFI-V0.05), allows attackers to gain access to the configuration interface.
|
|||||
| CVE-2025-1915 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-04-01 | N/A | 8.1 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
|
|||||
| CVE-2024-8898 | 1 Lollms | 1 Lollms Web Ui | 2025-04-01 | N/A | 9.8 CRITICAL |
|
A path traversal vulnerability exists in the `install` and `uninstall` API endpoints of parisneo/lollms-webui version V12 (Strawberry). This vulnerability allows attackers to create or delete directories with arbitrary paths on the system. The issue arises due to insufficient sanitization of user-supplied input, which can be exploited to traverse directories outside the intended path.
|
|||||
| CVE-2025-3021 | 2025-04-01 | N/A | N/A | ||
|
Path Traversal vulnerability in e-solutions e-management. This vulnerability could allow an attacker to access confidential files outside the expected scope via the ‘file’ parameter in the /downloadReport.php endpoint.
|
|||||
| CVE-2025-3043 | 2025-04-01 | 5.0 MEDIUM | 5.3 MEDIUM | ||
|
A vulnerability, which was classified as critical, has been found in GuoMinJim PersonManage 1.0. This issue affects the function preHandle of the file /login/. The manipulation of the argument Request leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
|
|||||
| CVE-2025-30594 | 2025-04-01 | N/A | 6.5 MEDIUM | ||
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound Include URL allows Path Traversal. This issue affects Include URL: from n/a through 0.3.5.
|
|||||
| CVE-2025-30910 | 2025-04-01 | N/A | 8.6 HIGH | ||
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CreativeMindsSolutions CM Download Manager allows Path Traversal. This issue affects CM Download Manager: from n/a through 2.9.6.
|
|||||
| CVE-2025-30793 | 2025-04-01 | N/A | 7.5 HIGH | ||
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Property Hive Houzez Property Feed allows Path Traversal. This issue affects Houzez Property Feed: from n/a through 2.5.4.
|
|||||
| CVE-2023-24057 | 2 Hapifhir, Hl7 | 2 Hl7 Fhir Core, Fhir Ig Publisher | 2025-04-01 | N/A | 8.1 HIGH |
|
HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive).
|
|||||
| CVE-2024-34245 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 6.5 MEDIUM |
|
An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtml_js_action.php.
|
|||||
| CVE-2025-27837 | 1 Artifex | 1 Ghostscript | 2025-04-01 | N/A | 9.8 CRITICAL |
|
An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.
|
|||||
| CVE-2022-25882 | 1 Linuxfoundation | 1 Onnx | 2025-04-01 | N/A | 7.5 HIGH |
|
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"
|
|||||
| CVE-2022-21192 | 1 Serve-lite Project | 1 Serve-lite | 2025-04-01 | N/A | 7.5 HIGH |
|
All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join().
|
|||||
| CVE-2022-47951 | 2 Debian, Openstack | 4 Debian Linux, Cinder, Glance and 1 more | 2025-03-31 | N/A | 5.7 MEDIUM |
|
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.
|
|||||
| CVE-2024-30417 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-29 | N/A | 7.5 HIGH |
|
Path traversal vulnerability in the Bluetooth-based sharing module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2022-39812 | 1 Italtel | 1 Netmatch-s Ci | 2025-03-28 | N/A | 7.5 HIGH |
|
Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST request (not possible using the GUI) to an arbitrary directory. Because the application does not check in which directory a file will be uploaded, an attacker can perform a variety of attacks that can result in unauthorized access to the server.
|
|||||
| CVE-2019-25053 | 1 Sage | 1 Sage Frp 1000 | 2025-03-28 | N/A | 7.5 HIGH |
|
A path traversal vulnerability exists in Sage FRP 1000 before November 2019. This allows remote unauthenticated attackers to access files outside of the web tree via a crafted URL.
|
|||||