Total
7863 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1496 | 2 Ijobid, Joomla | 2 Com Cmimarketplace, Joomla | 2025-04-09 | N/A |
| Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php. | ||||
| CVE-2009-1498 | 1 Idb | 1 Idb | 2025-04-09 | N/A |
| Directory traversal vulnerability in inc/profilemain.php in Game Maker 2k Internet Discussion Boards (iDB) 0.2.5 Pre-Alpha SVN 243 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter in a settings action to profile.php. | ||||
| CVE-2008-0196 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php. | ||||
| CVE-2009-3515 | 1 Marcin Manek | 1 D.net Cms | 2025-04-09 | N/A |
| Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the type parameter. | ||||
| CVE-2021-31156 | 1 Allied Telesis At | 1 S115 1.2.0 | 2025-04-08 | 7.5 High |
| Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader 1.00.006 allow Directory Traversal to achieve partial access to data. | ||||
| CVE-2022-48253 | 1 Nazgul | 1 Nostromo | 2025-04-08 | 9.8 Critical |
| nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. The vulnerability occurs when the homedirs option is used. | ||||
| CVE-2025-32018 | 2025-04-08 | 8.1 High | ||
| Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either directly by the user or via maliciously crafted context, to automatically write to files outside of the opened workspace. This behavior required deliberate prompting, making successful exploitation highly impractical in real-world scenarios. Furthermore, the edited file was still displayed in the UI as usual for user review, making it unlikely for the edit to go unnoticed by the user. This vulnerability is fixed in 0.48.7. | ||||
| CVE-2022-4884 | 1 Checkmk | 1 Checkmk | 2025-04-08 | 3.5 Low |
| Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file. | ||||
| CVE-2016-15019 | 1 Jekbox Project | 1 Jekbox | 2025-04-08 | 4.3 Medium |
| A vulnerability was found in tombh jekbox. It has been rated as problematic. This issue affects some unknown processing of the file lib/server.rb. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The patch is named 64eb2677671018fc08b96718b81e3dbc83693190. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218375. | ||||
| CVE-2025-2519 | 2025-04-08 | 6.5 Medium | ||
| The Sreamit theme for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 4.0.1. This is due to insufficient file validation in the 'st_send_download_file' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download arbitrary files. | ||||
| CVE-2024-31240 | 1 Infotheme | 1 Wp Poll Maker | 2025-04-08 | 7.7 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in InfoTheme WP Poll Maker.This issue affects WP Poll Maker: from n/a through 3.1. | ||||
| CVE-2024-3686 | 1 Dedecms | 1 Dedecms | 2025-04-08 | 4.3 Medium |
| A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file update_guide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260473 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-45299 | 1 Webbrowser Project | 1 Webbrowser | 2025-04-07 | 9.8 Critical |
| An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL. | ||||
| CVE-2023-22320 | 1 Openam | 1 Openam | 2025-04-07 | 7.5 High |
| OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability(CWE-22). Furthermore, a crafted URL may be evaluated incorrectly. | ||||
| CVE-2022-42136 | 1 Mailenable | 1 Mailenable | 2025-04-07 | 8.8 High |
| Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands. | ||||
| CVE-2022-42280 | 1 Nvidia | 2 Bmc, Dgx A100 | 2025-04-07 | 7.1 High |
| NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass. | ||||
| CVE-2022-42282 | 1 Nvidia | 2 Bmc, Dgx A100 | 2025-04-07 | 6.5 Medium |
| NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information disclosure. | ||||
| CVE-2022-42287 | 1 Nvidia | 2 Bmc, Dgx A100 | 2025-04-07 | 6 Medium |
| NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering. | ||||
| CVE-2022-43975 | 1 Ge | 2 Ms 3000, Ms 3000 Firmware | 2025-04-07 | 7.5 High |
| An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. A vulnerability in the web server allows arbitrary files and configurations to be read via directory traversal over TCP port 8888. | ||||
| CVE-2025-31827 | 2025-04-07 | 4.9 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vlad.olaru Fonto allows Path Traversal. This issue affects Fonto: from n/a through 1.2.2. | ||||