Total
7344 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-20145 | 1 Tecrail | 1 Responsive Filemanager | 2025-04-15 | 6.3 Medium |
| A vulnerability was found in Tecrail Responsive Filemanger up to 9.10.x and classified as critical. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.11.0 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2022-3939 | 1 Ferry Project | 1 Ferry | 2025-04-15 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in lanyulei ferry. Affected by this issue is some unknown functionality of the file apis/public/file.go of the component API. The manipulation of the argument file leads to path traversal. The attack may be launched remotely. VDB-213446 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-3940 | 1 Ferry Project | 1 Ferry | 2025-04-15 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in lanyulei ferry. This affects an unknown part of the file apis/process/task.go. The manipulation of the argument file_name leads to path traversal. The associated identifier of this vulnerability is VDB-213447. | ||||
| CVE-2022-3966 | 1 Ultimatemember | 1 Ultimate Member | 2025-04-15 | 4.3 Medium |
| A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the function load_template of the file includes/core/class-shortcodes.php of the component Template Handler. The manipulation of the argument tpl leads to pathname traversal. The attack may be initiated remotely. Upgrading to version 2.5.1 is able to address this issue. The name of the patch is e1bc94c1100f02a129721ba4be5fbc44c3d78ec4. It is recommended to upgrade the affected component. The identifier VDB-213545 was assigned to this vulnerability. | ||||
| CVE-2022-3976 | 1 Mz-automation | 1 Libiec61850 | 2025-04-15 | 5.5 Medium |
| A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 10622ba36bb3910c151348f1569f039ecdd8786f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213556. | ||||
| CVE-2022-4402 | 1 Docsys Project | 1 Docsys | 2025-04-15 | 4.7 Medium |
| A vulnerability classified as critical has been found in RainyGao DocSys 2.02.37. This affects an unknown part of the component ZIP File Decompression Handler. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215271. | ||||
| CVE-2022-4493 | 1 Scif | 1 Scifio | 2025-04-15 | 6.3 Medium |
| A vulnerability classified as critical was found in scifio. Affected by this vulnerability is the function downloadAndUnpackResource of the file src/test/java/io/scif/util/DefaultSampleFilesService.java of the component ZIP File Handler. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is fcb0dbca0ec72b22fe0c9ddc8abc9cb188a0ff31. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215803. | ||||
| CVE-2022-4494 | 1 Mcp Mapping Viewer Project | 1 Mcp Mapping Viewer | 2025-04-15 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in bspkrs MCPMappingViewer. Affected by this issue is the function extractZip of the file src/main/java/bspkrs/mmv/RemoteZipHandler.java of the component ZIP File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The name of the patch is 6e602746c96b4756c271d080dae7d22ad804a1bd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215804. | ||||
| CVE-2022-4572 | 1 Ubi Reader Project | 1 Ubi Reader | 2025-04-15 | 5.4 Medium |
| A vulnerability, which was classified as problematic, has been found in UBI Reader up to 0.8.0. Affected by this issue is the function ubireader_extract_files of the file ubireader/ubifs/output.py of the component UBIFS File Handler. The manipulation leads to path traversal. The attack may be launched remotely. Upgrading to version 0.8.5 is able to address this issue. The name of the patch is d5d68e6b1b9f7070c29df5f67fc060f579ae9139. It is recommended to upgrade the affected component. VDB-216146 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-4583 | 1 Neuroml | 1 Jlems | 2025-04-15 | 6.3 Medium |
| A vulnerability was found in jLEMS. It has been declared as critical. Affected by this vulnerability is the function unpackJar of the file src/main/java/org/lemsml/jlems/io/util/JUtil.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 8c224637d7d561076364a9e3c2c375daeaf463dc. It is recommended to apply a patch to fix this issue. The identifier VDB-216169 was assigned to this vulnerability. | ||||
| CVE-2022-4594 | 1 Tjws2 Project | 1 Tjws2 | 2025-04-15 | 6.3 Medium |
| A vulnerability was found in drogatkin TJWS2. It has been declared as critical. Affected by this vulnerability is the function deployWar of the file 1.x/src/rogatkin/web/WarRoller.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 1bac15c496ec54efe21ad7fab4e17633778582fc. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216187. | ||||
| CVE-2022-46492 | 1 Nbnbk Project | 1 Nbnbk | 2025-04-15 | 6.5 Medium |
| nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary. | ||||
| CVE-2022-46171 | 1 Tauri | 1 Tauri | 2025-04-15 | 6.8 Medium |
| Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards `*`, `?`, and `[...]` match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As `**` allows for sub directories the behavior there is also as expected. The issue has been patched in the latest release and was backported into the currently supported 1.x branches. There are no known workarounds at the time of publication. | ||||
| CVE-2022-45894 | 1 Planetestream | 1 Planet Estream | 2025-04-14 | 6.5 Medium |
| GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files. | ||||
| CVE-2020-36629 | 1 Httpster Project | 1 Httpster | 2025-04-14 | 5.5 Medium |
| A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the patch is d3055b3e30b40b65d30c5a06d6e053dffa7f35d0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216748. | ||||
| CVE-2023-0582 | 1 Forgerock | 1 Access Management | 2025-04-14 | 8.1 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2. | ||||
| CVE-2023-0511 | 1 Forgerock | 1 Java Policy Agents | 2025-04-14 | 9.1 Critical |
| Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1 | ||||
| CVE-2023-0339 | 1 Forgerock | 1 Web Policy Agents | 2025-04-14 | 9.1 Critical |
| Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1 | ||||
| CVE-2021-39369 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2025-04-14 | 6.5 Medium |
| In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root. | ||||
| CVE-2022-4511 | 1 Docsys Project | 1 Docsys | 2025-04-14 | 5.3 Medium |
| A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215851. | ||||