Total
7477 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32943 | 2025-04-15 | N/A | 3.7 LOW | ||
| The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint. | |||||
| CVE-2025-3547 | 2025-04-15 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical was found in frdel Agent-Zero 0.8.1.2. This vulnerability affects unknown code of the file /get_work_dir_files. The manipulation of the argument path leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3445 | 2025-04-15 | N/A | 8.1 HIGH | ||
| A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks to create or overwrite files with the user's privileges or application utilizing the library. When using the archiver.Unarchive functionality with ZIP files, like this: archiver.Unarchive(zipFile, outputDir), A crafted ZIP file can be extracted in such a way that it writes files to the affected system with the same privileges as the application executing this vulnerable functionality. Consequently, sensitive files may be overwritten, potentially leading to privilege escalation, code execution, and other severe outcomes in some cases. It's worth noting that a similar vulnerability was found in TAR files (CVE-2024-0406). Although a fix was implemented, it hasn't been officially released, and the affected project has since been deprecated. The successor to mholt/archiver is a new project called mholt/archives, and its initial release (v0.1.0) removes the Unarchive() functionality. | |||||
| CVE-2024-37410 | 1 Ideabox | 1 Powerpack For Beaver Builder | 2025-04-15 | N/A | 4.9 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Beaver Addons PowerPack Lite for Beaver Builder allows Path Traversal.This issue affects PowerPack Lite for Beaver Builder: from n/a through 1.3.0.3. | |||||
| CVE-2022-47945 | 1 Thinkphp | 1 Thinkphp | 2025-04-15 | N/A | 9.8 CRITICAL |
| ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php. | |||||
| CVE-2022-44016 | 1 Simmeth | 1 Lieferantenmanager | 2025-04-15 | N/A | 7.5 HIGH |
| An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can download arbitrary files from the web server by abusing an API call: /DS/LM_API/api/ConfigurationService/GetImages with an '"ImagesPath":"C:\\"' value. | |||||
| CVE-2022-46492 | 1 Nbnbk Project | 1 Nbnbk | 2025-04-15 | N/A | 6.5 MEDIUM |
| nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary. | |||||
| CVE-2022-45894 | 1 Planetestream | 1 Planet Estream | 2025-04-14 | N/A | 6.5 MEDIUM |
| GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files. | |||||
| CVE-2023-0582 | 1 Forgerock | 1 Access Management | 2025-04-14 | N/A | 8.1 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2. | |||||
| CVE-2023-0511 | 1 Forgerock | 1 Java Policy Agents | 2025-04-14 | N/A | 9.1 CRITICAL |
| Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1 | |||||
| CVE-2023-0339 | 1 Forgerock | 1 Web Policy Agents | 2025-04-14 | N/A | 9.1 CRITICAL |
| Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1 | |||||
| CVE-2021-39369 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2025-04-14 | N/A | 6.5 MEDIUM |
| In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root. | |||||
| CVE-2024-34315 | 1 Cmseasy | 1 Cmseasy | 2025-04-14 | N/A | 7.5 HIGH |
| CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. | |||||
| CVE-2024-32163 | 1 Cmseasy | 1 Cmseasy | 2025-04-14 | N/A | 6.4 MEDIUM |
| CMSeasy 7.7.7.9 is vulnerable to code execution. | |||||
| CVE-2023-40279 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2025-04-14 | N/A | 7.5 HIGH |
| An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do. | |||||
| CVE-2023-40280 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2025-04-14 | N/A | 7.5 HIGH |
| An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp. | |||||
| CVE-2015-0779 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-12 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324. | |||||
| CVE-2014-8659 | 1 Sap | 1 Environment Health And Safety | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-5187 | 1 Tom M8te Plugin Project | 1 Tom-m8te Plugin | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php. | |||||
| CVE-2015-6500 | 1 Owncloud | 1 Owncloud Server | 2025-04-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php. | |||||