Total: 8708 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-25265 | 1 Docmosis | 1 Tornado | 2025-03-18 | 7.5 High |
| Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading to the disclosure of arbitrary content on the file system. | ||||
| CVE-2023-0862 | 1 Netmodule | 10 Nb1601, Nb1800, Nb1810 and 7 more | 2025-03-18 | 7.2 High |
| The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103. | ||||
| CVE-2022-0959 | 1 Pgadmin | 1 Pgadmin 4 | 2025-03-17 | 6.5 Medium |
| A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. | ||||
| CVE-2023-0241 | 1 Pgadmin | 1 Pgadmin 4 | 2025-03-17 | 6.5 Medium |
| pgAdmin 4 versions prior to v6.19 contain a directory traversal vulnerability. A user of the product may change another user's settings or alter the database. | ||||
| CVE-2024-43044 | 2 Jenkins, Redhat | 2 Jenkins, Ocp Tools | 2025-03-14 | 8.8 High |
| Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library. | ||||
| CVE-2023-26265 | 1 Borg Project | 1 Borg | 2025-03-14 | 5.3 Medium |
| The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them. | ||||
| CVE-2024-31947 | 1 Stonefly | 1 Storage Concentrator | 2025-03-14 | 6.5 Medium |
| StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information. | ||||
| CVE-2024-21677 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2025-03-13 | 8.8 High |
| This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version; if you are unable to do so, upgrade your instance to one of the specified supported fixed versions. Data Center: Atlassian recommends that Confluence Data Center customers upgrade to the latest version and that Confluence Server customers upgrade to the latest 8.5.x LTS version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes: https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center: https://www.atlassian.com/software/confluence/download-archives. This vulnerability was reported via our Bug Bounty program. | ||||
| CVE-2023-52544 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 4.3 Medium |
| Vulnerability of file path verification being bypassed in the email module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-35428 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-03-13 | 7.1 High |
| ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS. | ||||
| CVE-2024-31287 | 1 Maxfoundry | 1 Media Library Folders | 2025-03-13 | 6.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Max Foundry Media Library Folders. This issue affects Media Library Folders: from n/a through 8.1.8. | ||||
| CVE-2024-47170 | 1 Agnai | 1 Agnai | 2025-03-12 | 4.3 Medium |
| Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information and exposure of confidential configuration files. This only affects installations with `JSON_STORAGE` enabled, which is intended for local/self-hosting only. Version 1.0.330 fixes this issue. | ||||
| CVE-2023-24960 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-03-12 | 7.5 High |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 246333 | ||||
| CVE-2023-0947 | 1 Flatpress | 1 Flatpress | 2025-03-12 | 9.8 Critical |
| Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. | ||||
| CVE-2023-22973 | 1 Open-emr | 1 Openemr | 2025-03-12 | 8.8 High |
| A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter. | ||||
| CVE-2023-50233 | 1 Inductiveautomation | 1 Ignition | 2025-03-12 | 8.8 High |
| Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific flaw exists within the getJavaExecutable method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22029. | ||||
| CVE-2023-51603 | 1 Honeywell | 1 Saia Pg5 Controls Suite | 2025-03-12 | 8.8 High |
| Honeywell Saia PG5 Controls Suite CAB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CAB files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-18592. | ||||
| CVE-2023-51599 | 1 Honeywell | 1 Saia Pg5 Controls Suite | 2025-03-12 | 8.8 High |
| Honeywell Saia PG5 Controls Suite Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-18412. | ||||
| CVE-2022-48362 | 1 Zohocorp | 1 Manageengine Desktop Central | 2025-03-11 | 8.8 High |
| Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker could authenticate by exploiting CVE-2021-44515.) | ||||
| CVE-2024-52363 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-03-11 | 6.5 Medium |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||