Total
7080 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34787 | 1 Ivanti | 1 Endpoint Manager | 2025-05-01 | N/A | 7.8 HIGH |
| Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | |||||
| CVE-2022-20453 | 1 Google | 1 Android | 2025-05-01 | N/A | 5.5 MEDIUM |
| In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240685104 | |||||
| CVE-2024-43440 | 1 Moodle | 1 Moodle | 2025-05-01 | N/A | 7.5 HIGH |
| A flaw was found in moodle. A local file may include risks when restoring block backups. | |||||
| CVE-2024-43434 | 1 Moodle | 1 Moodle | 2025-05-01 | N/A | 8.1 HIGH |
| The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability. | |||||
| CVE-2023-4990 | 2 Espeak-ng, Mcl-collection | 3 Espeak Ng, Mcl-net, Mcl-net Firmware | 2025-05-01 | N/A | 8.3 HIGH |
| Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files. | |||||
| CVE-2024-52883 | 1 Audiocodes | 1 One Voice Operations Center | 2025-05-01 | N/A | 7.5 HIGH |
| An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication. | |||||
| CVE-2024-37032 | 1 Ollama | 1 Ollama | 2025-05-01 | N/A | 8.8 HIGH |
| Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring. | |||||
| CVE-2018-5716 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-04-30 | 8.5 HIGH | 8.1 HIGH |
| An issue was discovered in Reprise License Manager 11.0. This vulnerability is a Path Traversal where the attacker, by changing a field in the Web Request, can have access to files on the File System of the Server. By specifying a pathname in the POST parameter "lf" to the goform/edit_lf_get_data URI, the attacker can retrieve the content of a file. | |||||
| CVE-2021-37500 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-04-30 | N/A | 8.1 HIGH |
| Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server. | |||||
| CVE-2022-42977 | 1 Atlassian | 1 Confluence Data Center | 2025-04-30 | N/A | 7.5 HIGH |
| The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be downloaded. | |||||
| CVE-2022-45388 | 1 Jenkins | 1 Config Rotator | 2025-04-30 | N/A | 7.5 HIGH |
| Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system. | |||||
| CVE-2024-25164 | 1 Idurarapp | 1 Idurar | 2025-04-30 | N/A | 7.5 HIGH |
| iA Path Traversal vulnerability exists in iDURAR v2.0.0, that allows unauthenticated attackers to expose sensitive files via the download functionality. | |||||
| CVE-2024-29434 | 1 Alldata | 1 Alldata | 2025-04-30 | N/A | 8.3 HIGH |
| An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file. | |||||
| CVE-2025-22926 | 1 Os4ed | 1 Opensis | 2025-04-30 | N/A | 9.8 CRITICAL |
| An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename. | |||||
| CVE-2022-44008 | 1 Backclick | 1 Backclick | 2025-04-30 | N/A | 6.5 MEDIUM |
| An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat server directly. | |||||
| CVE-2022-44006 | 1 Backclick | 1 Backclick | 2025-04-30 | N/A | 9.8 CRITICAL |
| An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote code execution is possible, e.g., by uploading an executable file. | |||||
| CVE-2022-43264 | 1 Guitar-pro | 1 Guitar Pro | 2025-04-30 | N/A | 7.5 HIGH |
| Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to perform directory traversal and download arbitrary files via a crafted web request. | |||||
| CVE-2022-45381 | 1 Jenkins | 1 Pipeline Utility Steps | 2025-04-30 | N/A | 8.1 HIGH |
| Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system. | |||||
| CVE-2022-42892 | 1 Siemens | 1 Syngo Dynamics Cardiovascular Imaging And Information System | 2025-04-30 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow directory listing in any folder accessible to the account assigned to the website’s application pool. | |||||
| CVE-2022-42125 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-04-30 | N/A | 7.5 HIGH |
| Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module. | |||||