Total
7067 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11738 | 1 Snapcreek | 1 Duplicator | 2025-03-14 | 7.5 High |
| The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init. | ||||
| CVE-2024-27871 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-14 | 5.5 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. An app may be able to access protected user data. | ||||
| CVE-2021-20023 | 1 Sonicwall | 2 Email Security, Hosted Email Security | 2025-03-14 | 4.9 Medium |
| SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host. | ||||
| CVE-2024-31947 | 1 Stonefly | 1 Storage Concentrator | 2025-03-14 | 6.5 Medium |
| StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information. | ||||
| CVE-2020-8195 | 1 Citrix | 12 4000-wo, 4100-wo, 5000-wo and 9 more | 2025-03-14 | 6.5 Medium |
| Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. | ||||
| CVE-2025-2264 | 2025-03-14 | 7.5 High | ||
| A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed. | ||||
| CVE-2024-38292 | 2025-03-14 | 9.8 Critical | ||
| In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation. | ||||
| CVE-2025-1785 | 2025-03-13 | 5.4 Medium | ||
| The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service. | ||||
| CVE-2024-30143 | 2025-03-13 | 4.3 Medium | ||
| HCL AppScan Traffic Recorder fails to adequately neutralize special characters within the filename, potentially allowing it to resolve to a location beyond the restricted directory. Potential exploits can completely disrupt or takeover the application or the computer where the application is running. | ||||
| CVE-2024-21677 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2025-03-13 | 8.8 High |
| This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Data Center Atlassian recommends that Confluence Data Center customers upgrade to the latest version and that Confluence Server customers upgrade to the latest 8.5.x LTS version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was reported via our Bug Bounty program. | ||||
| CVE-2018-20250 | 1 Rarlab | 1 Winrar | 2025-03-13 | 7.8 High |
| In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path. | ||||
| CVE-2021-38163 | 1 Sap | 1 Netweaver | 2025-03-13 | 9.9 Critical |
| SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable. | ||||
| CVE-2024-9939 | 1 Iptanus | 1 Wordpress File Upload | 2025-03-13 | 7.5 High |
| The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory. | ||||
| CVE-2025-23059 | 2025-03-13 | 6.8 Medium | ||
| A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive data, potentially compromising the integrity and security of the entire system. | ||||
| CVE-2023-42947 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-03-13 | 8.6 High |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to break out of its sandbox. | ||||
| CVE-2023-52544 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 4.3 Medium |
| Vulnerability of file path verification being bypassed in the email module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2022-37042 | 1 Zimbra | 1 Collaboration | 2025-03-13 | 9.8 Critical |
| Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925. | ||||
| CVE-2022-30333 | 4 Debian, Linux, Opengroup and 1 more | 4 Debian Linux, Linux Kernel, Unix and 1 more | 2025-03-13 | 7.5 High |
| RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected. | ||||
| CVE-2024-35428 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-03-13 | 7.1 High |
| ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS. | ||||
| CVE-2020-36836 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2025-03-13 | 8.8 High |
| The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server. | ||||