Total
7189 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27620 | 1 Synology | 2 Diskstation Manager, Sso Server | 2025-01-14 | N/A | 6.8 MEDIUM |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2022-27618 | 1 Synology | 2 Diskstation Manager, Storage Analyzer | 2025-01-14 | N/A | 6.8 MEDIUM |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors. | |||||
| CVE-2022-22679 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors. | |||||
| CVE-2022-27621 | 1 Synology | 2 Diskstation Manager, Usb Copy | 2025-01-14 | N/A | 5.5 MEDIUM |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors. | |||||
| CVE-2021-29087 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2025-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors. | |||||
| CVE-2021-29088 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 4.6 MEDIUM | 7.8 HIGH |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2024-13158 | 2025-01-14 | N/A | 7.2 HIGH | ||
| An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2022-24629 | 1 Audiocodes | 1 Device Manager Express | 2025-01-14 | N/A | 9.8 CRITICAL |
| An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodes_files/ajax/. | |||||
| CVE-2021-27825 | 1 Mercurycom | 2 Mac1200r, Mac1200r Firmware | 2025-01-14 | N/A | 7.5 HIGH |
| A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-static/ URL. | |||||
| CVE-2023-28344 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-14 | N/A | 7.1 HIGH |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application allows unauthenticated attackers to view constantly updated screenshots of student desktops and to submit falsified screenshots on behalf of students. Attackers are able to view screenshots of student desktops without their consent. These screenshots may potentially contain sensitive/personal data. Attackers can also rapidly submit falsified images, hiding the actual contents of student desktops from the Teacher Console. | |||||
| CVE-2022-47526 | 1 Fox-it | 2 Fox Datadiode, Fox Datadiode Firmware | 2025-01-14 | N/A | 9.8 CRITICAL |
| Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path traversal vulnerability with resultant arbitrary writing of files. A remote attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the downstream node user. Exploitation of this issue does not require user interaction. | |||||
| CVE-2025-0461 | 2025-01-14 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin. The manipulation of the argument pathfile leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-39787 | 2025-01-14 | N/A | 9.1 CRITICAL | ||
| Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `disk_part` POST parameter. | |||||
| CVE-2024-39786 | 2025-01-14 | N/A | 9.1 CRITICAL | ||
| Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `adddir_name` POST parameter. | |||||
| CVE-2024-12083 | 2025-01-14 | N/A | 6.6 MEDIUM | ||
| Path Traversal Vulnerabilities (CWE-22) exist in NJ/NX-series Machine Automation Controllers. An attacker may use these vulnerabilities to perform unauthorized access and to execute unauthorized code remotely to the controller products. | |||||
| CVE-2023-29380 | 1 Linuxmint | 1 Warpinator | 2025-01-13 | N/A | 7.5 HIGH |
| Warpinator before 1.6.0 allows remote file deletion via directory traversal in top_dir_basenames. | |||||
| CVE-2022-36243 | 1 Shopbeat | 1 Shop Beat Media Player | 2025-01-13 | N/A | 5.3 MEDIUM |
| Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in "studio" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm. | |||||
| CVE-2023-30196 | 1 Webbax | 1 Salesbooster | 2025-01-13 | N/A | 7.5 HIGH |
| Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Control via modules/salesbooster/downloads/download.php. | |||||
| CVE-2023-52953 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | N/A | 6.2 MEDIUM |
| Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | |||||
| CVE-2022-29081 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2025-01-13 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring. | |||||