Total
7623 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40439 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-11 | 3.3 Low |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information. | ||||
| CVE-2021-24566 | 1 Pluginus | 1 Fox - Currency Switcher Professional For Woocommerce | 2025-06-11 | 8.8 High |
| The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the "woocs" shortcode. | ||||
| CVE-2023-21417 | 1 Axis | 3 Axis Os, Axis Os 2020, Axis Os 2022 | 2025-06-11 | 7.1 High |
| Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2023-21418 | 1 Axis | 4 Axis Os, Axis Os 2018, Axis Os 2020 and 1 more | 2025-06-11 | 7.1 High |
| Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2024-25830 | 1 F-logic | 2 Datacube3, Datacube3 Firmware | 2025-06-10 | 9.8 Critical |
| F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password. | ||||
| CVE-2024-34854 | 1 F-logic | 2 Datacube3, Datacube3 Firmware | 2025-06-10 | 9.8 Critical |
| F-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transceiver_schedule.php.` | ||||
| CVE-2023-37476 | 1 Openrefine | 1 Openrefine | 2025-06-10 | 5.5 Medium |
| OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as possible. Users unable to upgrade should only import OpenRefine projects from trusted sources. | ||||
| CVE-2025-5328 | 1 Chshcms | 1 Mccms | 2025-06-10 | 5.4 Medium |
| A vulnerability was found in chshcms mccms 2.7. It has been declared as critical. This vulnerability affects the function restore_del of the file /sys/apps/controllers/admin/Backups.php. The manipulation of the argument dirs leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2318 | 1 Zkteco | 1 Zkbio Media | 2025-06-10 | 4.3 Medium |
| A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../../../zkbio_media.sql leads to path traversal: '../filedir'. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.3 Build 2025-05-26-1605 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2024-24869 | 1 Boldgrid | 1 Total Upkeep | 2025-06-09 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal.This issue affects Total Upkeep: from n/a through 1.15.8. | ||||
| CVE-2024-37499 | 1 Vcita | 1 Online Booking \& Scheduling Calendar | 2025-06-09 | 6.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Path Traversal.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.4.2. | ||||
| CVE-2024-48019 | 1 Apache | 1 Doris | 2025-06-09 | 5.4 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris. Application administrators can read arbitrary files from the server filesystem through path traversal. Users are recommended to upgrade to version 2.1.8, 3.0.3 or later, which fixes the issue. | ||||
| CVE-2025-5381 | 1 Wanglongcn | 1 Yifang | 2025-06-09 | 2.7 Low |
| A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-48744 | 1 Sigb | 1 Pmb | 2025-06-09 | 6.4 Medium |
| In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution. | ||||
| CVE-2025-2917 | 1 1000mz | 1 Chestnutcms | 2025-06-09 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Affected is the function readFile of the file /dev-api/cms/file/read. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-32926 | 1 Themegoods | 1 Grand Restaurant | 2025-06-09 | 9.8 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant WordPress allows Path Traversal.This issue affects Grand Restaurant WordPress: from n/a through 7.0. | ||||
| CVE-2025-5509 | 1 Quequnlong | 1 Shiyi-blog | 2025-06-09 | 6.3 Medium |
| A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5545 | 1 Aaluoxiang | 1 Oa System | 2025-06-09 | 4.3 Medium |
| A vulnerability classified as problematic has been found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. This affects the function image of the file src/main/java/cn/gson/oasys/controller/process/ProcedureController.java. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | ||||
| CVE-2025-5714 | 2025-06-09 | 4.3 Medium | ||
| A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250516. It has been classified as problematic. This affects an unknown part of the file /sys/up.upload.php of the component Profile Information Update. The manipulation of the argument nomeArquivo leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | ||||
| CVE-2025-33035 | 2025-06-09 | N/A | ||
| A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later | ||||