Total: 7096 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-42225 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | N/A | 7.5 HIGH |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Attachment/DownloadTempFile function. | |||||
CVE-2021-22650 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2025-04-17 | N/A | 7.5 HIGH |
An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution. | |||||
CVE-2025-24406 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-17 | N/A | 7.5 HIGH |
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this vulnerability to modify files that are stored outside the restricted directory. Exploitation of this issue does not require user interaction. | |||||
CVE-2022-41418 | 1 Blogengine | 1 Blogengine.net | 2025-04-17 | N/A | 7.2 HIGH |
An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. | |||||
CVE-2022-4063 | 1 Pluginus | 1 Inpost Gallery | 2025-04-17 | N/A | 9.8 CRITICAL |
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. | |||||
CVE-2021-46856 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-17 | N/A | 7.5 HIGH |
The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
CVE-2024-46644 | 1 Enms | 1 Enms | 2025-04-16 | N/A | 6.5 MEDIUM |
eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via edit_file. | |||||
CVE-2024-46645 | 1 Enms | 1 Enms | 2025-04-16 | N/A | 7.5 HIGH |
eNMS 4.0.0 is vulnerable to Directory Traversal via get_tree_files. | |||||
CVE-2024-46646 | 1 Enms | 1 Enms | 2025-04-16 | N/A | 6.5 MEDIUM |
eNMS up to 4.7.1 is vulnerable to Directory Traversal via /download/file. | |||||
CVE-2024-46647 | 1 Enms | 1 Enms | 2025-04-16 | N/A | 6.5 MEDIUM |
eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via upload_files. | |||||
CVE-2024-46648 | 1 Enms | 1 Enms | 2025-04-16 | N/A | 7.5 HIGH |
eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via scan_folder. | |||||
CVE-2024-46649 | 1 Enms | 1 Enms | 2025-04-16 | N/A | 7.5 HIGH |
eNMS up to 4.7.1 is vulnerable to Directory Traversal via download/folder. | |||||
CVE-2022-41591 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-16 | N/A | 7.5 HIGH |
The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files. | |||||
CVE-2022-25895 | 1 Lite-dev-server Project | 1 Lite-dev-server | 2025-04-16 | N/A | 7.5 HIGH |
All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code. | |||||
CVE-2024-33869 | 1 Artifex | 1 Ghostscript | 2025-04-16 | N/A | 5.3 MEDIUM |
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename. | |||||
CVE-2024-33870 | 1 Artifex | 1 Ghostscript | 2025-04-16 | N/A | 6.3 MEDIUM |
An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted. | |||||
CVE-2024-46375 | 1 Mayurik | 1 Best House Rental Management System | 2025-04-16 | N/A | 9.8 CRITICAL |
Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the signup() function of the file rental/admin_class.php. | |||||
CVE-2024-46376 | 1 Mayurik | 1 Best House Rental Management System | 2025-04-16 | N/A | 9.8 CRITICAL |
Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the update_account() function of the file rental/admin_class.php. | |||||
CVE-2024-33350 | 1 Taogogo | 1 Taocms | 2025-04-16 | N/A | 9.8 CRITICAL |
Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component. | |||||
CVE-2022-36221 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2025-04-16 | N/A | 6.5 MEDIUM |
Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system. |