Total
7444 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31493 | 1 Getkirby | 1 Kirby | 2025-08-26 | N/A | 9.1 CRITICAL |
| Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `collection()` helper or `$kirby->collection()` method with a dynamic collection name (such as a collection name that depends on request or user data). Sites that only use fixed calls to the `collection()` helper/`$kirby->collection()` method (i.e. calls with a simple string for the collection name) are *not* affected. A missing path traversal check allowed attackers to navigate and access all files on the server that were accessible to the PHP process, including files outside of the collections root or even outside of the Kirby installation. PHP code within such files was executed. Such attacks first require an attack vector in the site code that is caused by dynamic collection names, such as `collection('tags-' . get('tags'))`. It generally also requires knowledge of the site structure and the server's file system by the attacker, although it can be possible to find vulnerable setups through automated methods such as fuzzing. In a vulnerable setup, this could cause damage to the confidentiality and integrity of the server. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, the maintainers of Kirby have added a check for the collection path that ensures that the resulting path is contained within the configured collections root. Collection paths that point outside of the collections root will not be loaded. | |||||
| CVE-2025-6020 | 2025-08-26 | N/A | 7.8 HIGH | ||
| A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. | |||||
| CVE-2014-0754 | 1 Schneider-electric | 86 171ccc96020, 171ccc96020 Firmware, 171ccc96020c and 83 more | 2025-08-26 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. | |||||
| CVE-2025-9118 | 2025-08-25 | N/A | N/A | ||
| A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file. | |||||
| CVE-2025-8562 | 2025-08-25 | N/A | 6.5 MEDIUM | ||
| The Custom Query Shortcode plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.4.0 via the 'lens' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of files on the server, which can contain sensitive information. | |||||
| CVE-2025-9409 | 2025-08-25 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A security flaw has been discovered in lostvip-com ruoyi-go up to 2.1. Impacted is the function DownloadTmp/DownloadUpload of the file modules/system/controller/CommonController.go. Performing manipulation of the argument fileName results in path traversal. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-53120 | 2025-08-25 | N/A | 9.4 CRITICAL | ||
| A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configuration and web root directories, achieving remote code execution on the Unified PAM server. | |||||
| CVE-2025-8023 | 1 Mattermost | 1 Mattermost Server | 2025-08-25 | N/A | 6.8 MEDIUM |
| Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fails to sanitize path traversal sequences in template file destination paths, which allows a system admin to perform path traversal attacks via malicious path components, potentially enabling malicious file placement outside intended directories. | |||||
| CVE-2025-2743 | 1 Iocoder | 1 Ruoyi-vue-pro | 2025-08-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. This issue affects some unknown processing of the file /admin-api/mp/material/upload-temporary of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2708 | 1 Iocoder | 1 Ruoyi-vue-pro | 2025-08-25 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. This affects an unknown part of the file /admin-api/infra/file/upload of the component Backend File Upload Interface. The manipulation of the argument path leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-9675 | 2 Buildah Project, Redhat | 14 Buildah, Enterprise Linux, Enterprise Linux Eus and 11 more | 2025-08-25 | N/A | 7.8 HIGH |
| A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah. | |||||
| CVE-2014-0751 | 1 Ge | 3 Intelligent Platforms Proficy Hmi\%2fscada Cimplicity, Intelligent Platforms Proficy Hmi\/scada Cimplicity, Intelligent Platforms Proficy Process Systems With Cimplicity | 2025-08-22 | 6.8 MEDIUM | N/A |
| The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy the nefarious files as part of any SCADA project. This could allow the attacker to execute arbitrary code. | |||||
| CVE-2014-0750 | 1 Ge | 3 Intelligent Platforms Proficy Hmi\%2fscada Cimplicity, Intelligent Platforms Proficy Hmi\/scada Cimplicity, Intelligent Platforms Proficy Process Systems With Cimplicity | 2025-08-22 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622. | |||||
| CVE-2025-8895 | 2025-08-22 | N/A | 9.8 CRITICAL | ||
| The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and including, 3.3.5. This makes it possible for unauthenticated attackers to copy arbitrary files on the affected site's server to arbitrary locations. This can be used to copy the contents of wp-config.php into a text file which can then be accessed in a browser to reveal database credentials. | |||||
| CVE-2025-57753 | 2025-08-22 | N/A | N/A | ||
| vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2. | |||||
| CVE-2025-36530 | 2025-08-22 | N/A | 6.8 MEDIUM | ||
| Mattermost versions 10.9.x <= 10.9.1, 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to install unauthorized custom plugins via path traversal in the import functionality, bypassing plugin signature enforcement and marketplace restrictions. | |||||
| CVE-2025-53505 | 2025-08-22 | N/A | 4.3 MEDIUM | ||
| Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerability. If this vulnerability is exploited, information on the server hosting the product may be exposed. | |||||
| CVE-2012-10061 | 2025-08-22 | N/A | N/A | ||
| Sockso Music Host Server versions <= 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the server’s filesystem. The vulnerability exists in the HTTP interface on port 4444, where the endpoint /file/ fails to properly sanitize user-supplied input. Attackers can traverse directories and access sensitive files outside the intended web root. | |||||
| CVE-2025-55523 | 2025-08-22 | N/A | 3.5 LOW | ||
| An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal. | |||||
| CVE-2010-20109 | 2025-08-22 | N/A | N/A | ||
| Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the view_help.cgi endpoint. The locale parameter fails to properly sanitize user input, allowing attackers to inject traversal sequences and null-byte terminators to access arbitrary files on the underlying system. By exploiting this flaw, unauthenticated remote attackers can retrieve sensitive configuration files such as /mail/snapshot/config.snapshot, potentially exposing credentials, internal settings, and other critical data. | |||||