Total
7067 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-55214 | 2025-02-11 | 6.5 Medium | ||
| Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the file download functionality. | ||||
| CVE-2024-55213 | 2025-02-11 | 6.5 Medium | ||
| Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function. | ||||
| CVE-2024-11771 | 2025-02-11 | 5.3 Medium | ||
| Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality. | ||||
| CVE-2024-57248 | 2025-02-11 | 6.3 Medium | ||
| Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass access controls, and upload malicious files. | ||||
| CVE-2024-53586 | 2025-02-11 | 5.3 Medium | ||
| An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing data outside the intended directory. | ||||
| CVE-2023-1478 | 1 Incsub | 1 Hummingbird | 2025-02-11 | 9.8 Critical |
| The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module. | ||||
| CVE-2023-0156 | 1 Updraftplus | 1 All-in-one Security | 2025-02-11 | 4.9 Medium |
| The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server (to which the web server has access). The plugin only displays the last 50 lines of the file. | ||||
| CVE-2022-43771 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2025-02-11 | 6.5 Medium |
| Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds. | ||||
| CVE-2024-49411 | 1 Samsung | 1 Android | 2025-02-10 | 4.3 Medium |
| Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege. | ||||
| CVE-2024-29502 | 2025-02-10 | 6.5 Medium | ||
| An issue in Secure Lockdown Multi Application Edition v2.00.219 allows attackers to read arbitrary files via using UNC paths. | ||||
| CVE-2024-21542 | 2025-02-10 | 8.6 High | ||
| Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function. | ||||
| CVE-2024-28073 | 1 Solarwinds | 1 Serv-u | 2025-02-10 | 8.4 High |
| SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited. | ||||
| CVE-2015-0016 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2025-02-10 | 7.8 High |
| Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability." | ||||
| CVE-2019-3396 | 1 Atlassian | 1 Confluence Server | 2025-02-10 | 9.8 Critical |
| The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection. | ||||
| CVE-2019-3398 | 1 Atlassian | 1 Confluence Server | 2025-02-10 | 8.8 High |
| Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability. | ||||
| CVE-2024-52481 | 1 Astoundify | 2 Jobify, Jobify Job Board Wordpress Theme | 2025-02-10 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Astoundify Jobify - Job Board WordPress Theme allows Relative Path Traversal.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3. | ||||
| CVE-2024-52883 | 2025-02-10 | 7.5 High | ||
| An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication. | ||||
| CVE-2023-27648 | 1 Timmystudios | 1 Change Color Of Keypad | 2025-02-10 | 9.8 Critical |
| Directory Traversal vulnerability found in T-ME Studios Change Color of Keypad v.1.275.1.277 allows a remote attacker to execute arbitrary code via the dex file in the internal storage. | ||||
| CVE-2021-26086 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2025-02-09 | 5.3 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1. | ||||
| CVE-2023-7216 | 2 Gnu, Redhat | 2 Cpio, Enterprise Linux | 2025-02-08 | 5.3 Medium |
| A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks. | ||||