Total
7632 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54520 | 1 Apple | 1 Macos | 2025-03-24 | 5.5 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to overwrite arbitrary files. | ||||
| CVE-2023-5355 | 1 Getawesomesupport | 1 Awesome Support | 2025-03-24 | 8.1 High |
| The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server. | ||||
| CVE-2019-15839 | 1 Sinaextra | 1 Sina Extension For Elementor | 2025-03-24 | N/A |
| The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion. | ||||
| CVE-2023-26256 | 1 Stagil | 1 Stagil Navigation | 2025-03-21 | 7.5 High |
| An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system. | ||||
| CVE-2023-20943 | 1 Google | 1 Android | 2025-03-21 | 7.8 High |
| In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240267890 | ||||
| CVE-2023-24188 | 1 Ureport Project | 1 Ureport | 2025-03-21 | 9.1 Critical |
| ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted. | ||||
| CVE-2021-34638 | 1 W3eden | 1 Download Manager | 2025-03-21 | 6.5 Medium |
| Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions. | ||||
| CVE-2022-48323 | 1 Sunlogin | 1 Sunflower | 2025-03-21 | 9.8 Critical |
| Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the pathname of the powershell.exe program. | ||||
| CVE-2022-25937 | 1 Glance Project | 1 Glance | 2025-03-21 | 6.5 Medium |
| Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129). | ||||
| CVE-2025-25685 | 2025-03-21 | 7.5 High | ||
| An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Attackers are able to download arbitrary files from the device's file system via adding symbolic links on an external drive used as a samba share. | ||||
| CVE-2024-41765 | 3 Ibm, Linux, Microsoft | 4 Engineering Lifecycle Optimization - Publishing, Engineering Lifecycle Optimization Publishing, Linux Kernel and 1 more | 2025-03-21 | 6.5 Medium |
| IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||
| CVE-2023-22629 | 1 Southrivertech | 1 Titan Ftp Server | 2025-03-20 | 8.8 High |
| An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem. | ||||
| CVE-2024-32680 | 1 Pluginus | 1 Husky - Products Filter Professional For Woocommerce | 2025-03-20 | 8.8 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion.This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.2. | ||||
| CVE-2024-9362 | 2025-03-20 | N/A | ||
| An unauthenticated directory traversal vulnerability exists in Polyaxon, affecting the latest version. This vulnerability allows an attacker to retrieve directory information and file contents from the server without proper authorization, leading to sensitive information disclosure. The issue enables access to system directories such as `/etc`, potentially resulting in significant security risks. | ||||
| CVE-2022-41216 | 1 Hybridsoftware | 1 Cloudflow | 2025-03-20 | 8.3 High |
| Local File Inclusion vulnerability within Cloudflow allows attackers to retrieve confidential information from the system. | ||||
| CVE-2024-12217 | 2025-03-20 | N/A | ||
| A vulnerability in the gradio-app/gradio repository, version git 67e4044, allows for path traversal on Windows OS. The implementation of the blocked_path functionality, which is intended to disallow users from reading certain files, is flawed. Specifically, while the application correctly blocks access to paths like 'C:/tmp/secret.txt', it fails to block access when using NTFS Alternate Data Streams (ADS) syntax, such as 'C:/tmp/secret.txt::$DATA'. This flaw can lead to unauthorized reading of blocked file paths. | ||||
| CVE-2024-53537 | 2025-03-20 | 9.1 Critical | ||
| An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager. | ||||
| CVE-2025-1661 | 1 Pluginus | 1 Husky - Products Filter Professional For Woocommerce | 2025-03-19 | 9.8 Critical |
| The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the woof_text_search AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2025-0859 | 1 Boldgrid | 1 Post And Page Builder | 2025-03-19 | 6.5 Medium |
| The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.6 via the template_via_url() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2025-25684 | 2025-03-19 | 7.5 High | ||
| A lack of validation in the path parameter (/download) of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request. | ||||