Total
7631 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-25800 | 1 Seacms | 1 Seacms | 2025-03-28 | 5.3 Medium |
| SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe_file.php. | ||||
| CVE-2022-25936 | 1 Servst Project | 1 Servst | 2025-03-27 | 7.5 High |
| Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable. | ||||
| CVE-2022-43979 | 1 Pandorafms | 1 Pandora Fms | 2025-03-27 | 5.9 Medium |
| There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characteres, but this check is insufficient. An attacker could insert an absolute path to overcome the heck, thus being able to incluse any PHP file that resides on the disk. The exploitation of this vulnerability could lead to a remote code execution. | ||||
| CVE-2022-4510 | 1 Microsoft | 1 Binwalk | 2025-03-27 | 7.8 High |
| A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins. This vulnerability is associated with program files src/binwalk/plugins/unpfs.py. This issue affects binwalk from 2.1.2b through 2.3.3 included. | ||||
| CVE-2022-2712 | 1 Eclipse | 1 Glassfish | 2025-03-27 | 6.5 Medium |
| In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code. | ||||
| CVE-2022-46835 | 1 Sailpoint | 1 Identityiq | 2025-03-27 | 8.8 High |
| IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. | ||||
| CVE-2022-39059 | 1 Changingtec | 1 Megaservisignadapter | 2025-03-27 | 7.5 High |
| ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files. | ||||
| CVE-2024-50843 | 1 Phpgurukul | 2 User Registration \& Login And User Management System, User Registration And Login And User Management System | 2025-03-27 | 5.3 Medium |
| A Directory listing issue was found in PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers attacker to access sensitive files and directories via /loginsystem/assets. | ||||
| CVE-2022-45783 | 1 Dotcms | 1 Dotcms | 2025-03-27 | 6.5 Medium |
| An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution. | ||||
| CVE-2025-2716 | 2025-03-27 | 2.7 Low | ||
| A vulnerability classified as problematic was found in China Mobile P22g-CIac 1.0.00.488. This vulnerability affects unknown code of the component Samba Path Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1310 | 2025-03-27 | 6.5 Medium | ||
| The Jobs for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.7.11 via the 'job_postings_get_file' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2025-27147 | 2025-03-27 | 8.2 High | ||
| The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMWare ESX host remote inventory, and data collection (files, Windows registry, WMI). Versions prior to 1.5.0 have an improper access control vulnerability. Version 1.5.0 fixes the vulnerability. | ||||
| CVE-2024-13920 | 1 Webtoffee | 1 Order Export \& Order Import For Woocommerce | 2025-03-27 | 4.9 Medium |
| The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary log files on the server, which can contain sensitive information. | ||||
| CVE-2023-49508 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2025-03-27 | 6.5 Medium |
| Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component. | ||||
| CVE-2023-23136 | 1 Lmxcms | 1 Lmxcms | 2025-03-27 | 6.5 Medium |
| lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php. | ||||
| CVE-2023-0454 | 1 Orangescrum | 1 Orangescrum | 2025-03-27 | 8.1 High |
| OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path. | ||||
| CVE-2022-47768 | 1 Serinf | 1 Fast Checkin | 2025-03-27 | 7.5 High |
| Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Traversal. | ||||
| CVE-2023-0592 | 1 Jefferson Project | 1 Jefferson | 2025-03-27 | 5.5 Medium |
| A path traversal vulnerability affects jefferson's JFFS2 filesystem extractor. By crafting malicious JFFS2 files, attackers could force jefferson to write outside of the extraction directory.This issue affects jefferson: before 0.4.1. | ||||
| CVE-2023-0593 | 1 Yaffshiv Project | 1 Yaffshiv | 2025-03-27 | 5.5 Medium |
| A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to version 0.1 included, which is the most recent at time of publication. | ||||
| CVE-2025-30343 | 1 Openslides | 1 Openslides | 2025-03-27 | 3 Low |
| A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to OpenSlides meetings and organized in folders. The interface allows users to download a ZIP archive that contains all files in a folder and its subfolders. If an attacker specifies the title of a file or folder as a relative or absolute path (e.g., ../../../etc/passwd), the ZIP archive generated for download converts that title into a path. Depending on the extraction tool used by the user, this might overwrite files locally outside of the chosen directory. | ||||