Total
144 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-41723 | 2025-10-22 | N/A | 9.8 CRITICAL | ||
|
The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations.
|
|||||
| CVE-2025-43886 | 1 Dell | 1 Powerprotect Data Manager | 2025-10-20 | N/A | 4.4 MEDIUM |
|
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.
|
|||||
| CVE-2025-43907 | 1 Dell | 1 Data Domain Operating System | 2025-10-14 | N/A | 6.5 MEDIUM |
|
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain a Path Traversal: '.../...//' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
|
|||||
| CVE-2025-42937 | 2025-10-14 | N/A | 9.8 CRITICAL | ||
|
SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality integrity and availability of the application.
|
|||||
| CVE-2024-45190 | 1 Mage | 1 Mage-ai | 2025-10-10 | N/A | 6.5 MEDIUM |
|
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request
|
|||||
| CVE-2023-39916 | 1 Nlnetlabs | 1 Routinator | 2025-10-03 | N/A | 9.3 CRITICAL |
|
NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 as well as 0.14.0 up to and including 0.14.2 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitation of the URL, it is possible for an attacker to craft a URL that results in the response being sto ...
Show More |
|||||
| CVE-2025-26876 | 1 Codemanas | 1 Search With Typesense | 2025-09-30 | N/A | 6.8 MEDIUM |
|
Path Traversal vulnerability in CodeManas Search with Typesense allows Path Traversal. This issue affects Search with Typesense: from n/a through 2.0.8.
|
|||||
| CVE-2025-20313 | 2025-09-26 | N/A | 6.7 MEDIUM | ||
|
Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust.
These vulnerabilities are due path traversal and improper image integrity validation. A successful exploit could allow the attacker to execute persistent code on the underlying operating system.
Because this allows the attacker to byp ...
Show More |
|||||
| CVE-2023-41793 | 1 Artica | 1 Pandora Fms | 2025-09-16 | N/A | 6.7 MEDIUM |
|
: Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776.
|
|||||
| CVE-2025-47636 | 2025-09-15 | N/A | 7.5 HIGH | ||
|
Path Traversal vulnerability in Fernando Briano List category posts list-category-posts allows PHP Local File Inclusion.This issue affects List category posts: from n/a through 0.91.0.
|
|||||
| CVE-2025-48317 | 2025-09-05 | N/A | 7.5 HIGH | ||
|
Path Traversal vulnerability in Stefan Keller WooCommerce Payment Gateway for Saferpay allows Path Traversal. This issue affects WooCommerce Payment Gateway for Saferpay: from n/a through 0.4.9.
|
|||||
| CVE-2025-4956 | 2025-09-02 | N/A | 4.3 MEDIUM | ||
|
Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0.
|
|||||
| CVE-2025-48081 | 2025-08-29 | N/A | 5.3 MEDIUM | ||
|
Path Traversal: '.../...//' vulnerability in Printeers Printeers Print & Ship allows Path Traversal.This issue affects Printeers Print & Ship: from n/a through 1.17.0.
|
|||||
| CVE-2024-41973 | 2025-08-27 | N/A | 8.1 HIGH | ||
|
A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges.
|
|||||
| CVE-2024-41972 | 2025-08-27 | N/A | 6.5 MEDIUM | ||
|
A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges.
|
|||||
| CVE-2024-52885 | 1 Checkpoint | 3 Gaia Os, Mobile Access, Remote Access Vpn | 2025-08-27 | N/A | 5.0 MEDIUM |
|
The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway.
|
|||||
| CVE-2024-34191 | 1 Htmly | 1 Htmly | 2025-08-20 | N/A | 6.5 MEDIUM |
|
htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the delete_post() function at admin.php. This vulnerability allows attackers to delete arbitrary files via a crafted request.
|
|||||
| CVE-2025-53561 | 2025-08-20 | N/A | 6.5 MEDIUM | ||
|
Path Traversal vulnerability in miniOrange Prevent files / folders access allows Path Traversal. This issue affects Prevent files / folders access: from n/a through 2.6.0.
|
|||||
| CVE-2025-52712 | 2025-08-14 | N/A | 4.2 MEDIUM | ||
|
Path Traversal vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Path Traversal. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8.
|
|||||
| CVE-2025-30515 | 1 Cyberdata | 2 011209 Sip Emergency Intercom, 011209 Sip Emergency Intercom Firmware | 2025-08-12 | N/A | 9.8 CRITICAL |
|
CyberData 011209 Intercom
could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.
|
|||||
| CVE-2024-56213 | 1 Themewinter | 1 Eventin | 2025-08-11 | N/A | 6.5 MEDIUM |
|
Path Traversal: '.../...//' vulnerability in Themewinter Eventin allows Path Traversal.This issue affects Eventin: from n/a through 4.0.7.
|
|||||
| CVE-2025-53417 | 2025-08-05 | N/A | N/A | ||
|
DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability
|
|||||
| CVE-2021-1132 | 1 Cisco | 1 Network Services Orchestrator | 2025-08-05 | N/A | 5.3 MEDIUM |
|
A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data.
This vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A success ...
Show More |
|||||
| CVE-2020-26073 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2025-08-04 | N/A | 7.5 HIGH |
|
A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information.
The vulnerability is due to improper validation of directory traversal character sequences within requests to application programmatic interfaces (APIs). An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to c ...
Show More |
|||||
| CVE-2025-20320 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-07-21 | N/A | 6.3 MEDIUM |
|
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS).The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files withi ...
Show More |
|||||
| CVE-2024-10857 | 1 Tychesoftwares | 1 Product Input Fields For Woocommerce | 2025-07-09 | N/A | 6.5 MEDIUM |
|
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
|
|||||
| CVE-2025-52805 | 2025-07-08 | N/A | 7.5 HIGH | ||
|
Path Traversal vulnerability in VaultDweller Leyka allows PHP Local File Inclusion. This issue affects Leyka: from n/a through 3.31.9.
|
|||||
| CVE-2025-40573 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-07-08 | N/A | 4.4 MEDIUM |
|
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to path traversal attacks.
This could allow a privileged local attacker to restore backups that are outside the backup folder.
|
|||||
| CVE-2025-52811 | 2025-06-30 | N/A | 8.1 HIGH | ||
|
Path Traversal vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme allows PHP Local File Inclusion. This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n/a through 1.3.
|
|||||
| CVE-2025-52810 | 2025-06-30 | N/A | 8.1 HIGH | ||
|
Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion. This issue affects Katerio - Magazine: from n/a through 1.5.1.
|
|||||
| CVE-2025-49451 | 2025-06-17 | N/A | 7.5 HIGH | ||
|
Path Traversal vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery allows Path Traversal. This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery: from n/a through 1.0.12.
|
|||||
| CVE-2025-27445 | 2025-06-17 | N/A | 5.4 MEDIUM | ||
|
A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file path parameters, allowing attackers to exploit directory traversal sequences (e.g., ../) to access sensitive files
|
|||||
| CVE-2025-39475 | 2025-06-12 | N/A | 8.1 HIGH | ||
|
Path Traversal vulnerability in Frenify Arlo allows PHP Local File Inclusion. This issue affects Arlo: from n/a through 6.0.3.
|
|||||
| CVE-2025-22205 | 1 Admiror-design-studio | 1 Admiror Gallery | 2025-06-04 | N/A | 7.5 HIGH |
|
Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x.
|
|||||
| CVE-2025-5598 | 2025-06-04 | N/A | N/A | ||
|
Path Traversal vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Retrieve Embedded Sensitive Data.This issue affects airleader MASTER: 3.0046.
|
|||||
| CVE-2024-40505 | 1 Dlink | 2 Dap-1650, Dap-1650 Firmware | 2025-05-29 | N/A | 9.3 CRITICAL |
|
Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component.
|
|||||
| CVE-2025-27010 | 2025-05-21 | N/A | 8.1 HIGH | ||
|
Path Traversal: '.../...//' vulnerability in bslthemes Tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a before 2.5.2.
|
|||||
| CVE-2025-46441 | 2025-05-21 | N/A | 5.3 MEDIUM | ||
|
Path Traversal: '.../...//' vulnerability in ctltwp Section Widget allows Path Traversal.This issue affects Section Widget: from n/a through 3.3.1.
|
|||||
| CVE-2025-39491 | 2025-05-19 | N/A | 8.1 HIGH | ||
|
Path Traversal vulnerability in WHMPress WHMpress allows Path Traversal. This issue affects WHMpress: from 6.2 through revision.
|
|||||
| CVE-2025-39492 | 2025-05-19 | N/A | 7.5 HIGH | ||
|
Path Traversal vulnerability in WHMPress WHMpress allows Relative Path Traversal. This issue affects WHMpress: from 6.2 through revision.
|
|||||