Total
7467 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23767 | 2 Hanssak, Microsoft | 3 Securegate, Weblink, Windows | 2025-06-03 | N/A | 8.8 HIGH |
| This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining privileges and executing remote code, thereby taking over the victim’s system. | |||||
| CVE-2022-39001 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2025-06-03 | N/A | 7.5 HIGH |
| The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure. | |||||
| CVE-2025-5160 | 1 H3c | 1 Seccenter Smp-1114p02 | 2025-06-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected is the function Download of the file /packetCaptureStrategy/download. The manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5159 | 1 H3c | 1 Seccenter Smp-1114p02 | 2025-06-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been rated as problematic. This issue affects the function Download of the file /cfgFile/1/download. The manipulation of the argument Name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5158 | 1 H3c | 1 Seccenter Smp-1114p02 | 2025-06-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been declared as problematic. This vulnerability affects the function downloadSoftware of the file /cfgFile/downloadSoftware. The manipulation of the argument filename leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5157 | 1 H3c | 1 Seccenter Smp-1114p02 | 2025-06-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been classified as critical. This affects the function fileContent of the file /cfgFile/fileContent. The manipulation of the argument filePath leads to path traversal. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5161 | 1 H3c | 1 Seccenter Smp-1114p02 | 2025-06-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected by this vulnerability is the function operationDailyOut of the file /safeEvent/download. The manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-20805 | 1 Samsung | 2 Android, Myfiles | 2025-06-03 | N/A | 3.3 LOW |
| Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file. | |||||
| CVE-2023-51127 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2025-06-03 | N/A | 7.5 HIGH |
| FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file. | |||||
| CVE-2023-50916 | 1 Kyocera | 1 Device Manager | 2025-06-03 | N/A | 7.2 HIGH |
| Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a UNC path via the GUI is rejected due to the use of a \ (backslash) character, which is supposed to be disallowed in a pathname. Intercepting and modifying this request via a proxy, or sending the request directly to the application endpoint, allows UNC paths to be set for the backup location. Once such a location is set, Kyocera Device Manager attempts to confirm access and will try to authenticate to the UNC path; depending on the configuration of the environment, this may authenticate to the UNC with Windows NTLM hashes. This could allow NTLM credential relaying or cracking attacks. | |||||
| CVE-2023-47890 | 1 Pyload | 1 Pyload | 2025-06-03 | N/A | 8.8 HIGH |
| pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. | |||||
| CVE-2023-45722 | 1 Hcltech | 1 Dryice Myxalytics | 2025-06-03 | N/A | 8.8 HIGH |
| HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. The product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Potential exploits can completely disrupt or take over the application. | |||||
| CVE-2023-37607 | 1 Automaticsystems | 2 Soc Fl9600 Firstlane, Soc Fl9600 Firstlane Firmware | 2025-06-03 | N/A | 7.5 HIGH |
| Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file= with a .. in the dir parameter. | |||||
| CVE-2023-29962 | 1 S-cms | 1 S-cms | 2025-06-03 | N/A | 6.5 MEDIUM |
| S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability. | |||||
| CVE-2023-46749 | 1 Apache | 1 Shiro | 2025-06-03 | N/A | 6.5 MEDIUM |
| Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default). | |||||
| CVE-2024-41511 | 1 4pace | 1 Cadclick | 2025-06-02 | N/A | 3.9 LOW |
| A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" parameter. | |||||
| CVE-2025-5380 | 2025-06-02 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in ashinigit 天青一白 XueShengZhuSu 学生住宿管理系统 up to 4d3f0ada0e71482c1e51fd5f5615e5a3d8bcbfbb. This issue affects some unknown processing of the file /upload/ of the component Image File Upload. The manipulation of the argument File leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | |||||
| CVE-2025-5385 | 2025-06-02 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in JeeWMS up to 20250504. It has been declared as critical. This vulnerability affects the function doAdd of the file /cgformTemplateController.do?doAdd. The manipulation leads to path traversal. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | |||||
| CVE-2023-2252 | 1 Wpwax | 1 Directorist | 2025-06-02 | N/A | 2.7 LOW |
| The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files. | |||||
| CVE-2024-27199 | 1 Jetbrains | 1 Teamcity | 2025-05-30 | N/A | 7.3 HIGH |
| In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible | |||||