Total
7343 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41418 | 1 Blogengine | 1 Blogengine.net | 2025-04-17 | 7.2 High |
| An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. | ||||
| CVE-2022-23530 | 1 Datadoghq | 1 Guarddog | 2025-04-17 | 5.8 Medium |
| GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive() from a potentially malicious tarball without validating that the destination file path is within the intended destination directory can cause files outside the destination directory to be overwritten. This issue is patched in version 0.1.8. Potential workarounds include using a safer module, like zipfile, and validating the location of the extracted files and discarding those with malicious paths. | ||||
| CVE-2022-23531 | 1 Datadoghq | 1 Guarddog | 2025-04-17 | 5.8 Medium |
| GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the tarfile.TarFile.extractall function. This issue is patched in version 0.1.5. | ||||
| CVE-2022-4063 | 1 Pluginus | 1 Inpost Gallery | 2025-04-17 | 9.8 Critical |
| The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. | ||||
| CVE-2021-46856 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-17 | 7.5 High |
| The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2022-40607 | 2 Ibm, Linux | 2 Spectrum Scale, Linux Kernel | 2025-04-17 | 6.8 Medium |
| IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740. | ||||
| CVE-2024-46644 | 1 Enms | 1 Enms | 2025-04-16 | 6.5 Medium |
| eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via edit_file. | ||||
| CVE-2024-46645 | 1 Enms | 1 Enms | 2025-04-16 | 7.5 High |
| eNMS 4.0.0 is vulnerable to Directory Traversal via get_tree_files. | ||||
| CVE-2024-46646 | 1 Enms | 1 Enms | 2025-04-16 | 6.5 Medium |
| eNMS up to 4.7.1 is vulnerable to Directory Traversal via /download/file. | ||||
| CVE-2024-46647 | 1 Enms | 1 Enms | 2025-04-16 | 6.5 Medium |
| eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via upload_files. | ||||
| CVE-2024-46648 | 1 Enms | 1 Enms | 2025-04-16 | 7.5 High |
| eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via scan_folder. | ||||
| CVE-2024-46649 | 1 Enms | 1 Enms | 2025-04-16 | 7.5 High |
| eNMS up to 4.7.1 is vulnerable to Directory Traversal via download/folder. | ||||
| CVE-2022-41591 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-16 | 7.5 High |
| The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files. | ||||
| CVE-2022-25895 | 1 Lite-dev-server Project | 1 Lite-dev-server | 2025-04-16 | 7.5 High |
| All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code. | ||||
| CVE-2024-33869 | 2 Artifex, Redhat | 3 Ghostscript, Enterprise Linux, Rhel Eus | 2025-04-16 | 5.3 Medium |
| An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename. | ||||
| CVE-2024-33870 | 2 Artifex, Redhat | 3 Ghostscript, Enterprise Linux, Rhel Eus | 2025-04-16 | 6.3 Medium |
| An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted. | ||||
| CVE-2024-46375 | 2 Best House Rental Management System, Mayurik | 2 Best House Rental Management System, Best House Rental Management System | 2025-04-16 | 9.8 Critical |
| Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the signup() function of the file rental/admin_class.php. | ||||
| CVE-2024-46376 | 2 Best House Rental Management System, Mayurik | 2 Best House Rental Management System, Best House Rental Management System | 2025-04-16 | 9.8 Critical |
| Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the update_account() function of the file rental/admin_class.php. | ||||
| CVE-2024-33350 | 2 Taocms, Taogogo | 2 Taocms, Taocms | 2025-04-16 | 9.8 Critical |
| Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component. | ||||
| CVE-2022-36221 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2025-04-16 | 6.5 Medium |
| Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system. | ||||