Total
7449 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-10048 | 2025-08-08 | N/A | N/A | ||
| Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. The daemon parameter is passed directly to a Popen() call in ZenossInfo.py without proper sanitation, allowing authenticated users to execute arbitrary commands on the server as the zenoss user. | |||||
| CVE-2025-6445 | 1 Servicestack | 1 Servicestack | 2025-08-08 | N/A | 8.1 HIGH |
| ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of the FindType method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25837. | |||||
| CVE-2023-42033 | 1 Visualware | 1 Myconnection Server | 2025-08-08 | N/A | 7.2 HIGH |
| Visualware MyConnection Server doPostUploadfiles Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Visualware MyConnection Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the doPostUploadfiles method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21612. | |||||
| CVE-2024-48884 | 1 Fortinet | 7 Fortimanager, Fortimanager Cloud, Fortios and 4 more | 2025-08-08 | N/A | 7.5 HIGH |
| A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3 may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files or a remote unauthenticated attacker to delete an arbitrary folder | |||||
| CVE-2023-32177 | 1 Vipre | 1 Antivirus | 2025-08-08 | N/A | 7.8 HIGH |
| VIPRE Antivirus Plus DeleteHistoryFile Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DeleteHistoryFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. . Was ZDI-CAN-19395. | |||||
| CVE-2023-32176 | 1 Vipre | 1 Antivirus | 2025-08-08 | N/A | 7.8 HIGH |
| VIPRE Antivirus Plus SetPrivateConfig Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SetPrivateConfig method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. . Was ZDI-CAN-19394. | |||||
| CVE-2025-29865 | 2025-08-07 | N/A | N/A | ||
| : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TAGFREE X-Free Uploader XFU allows Path Traversal.This issue affects X-Free Uploader: from 1.0.1.0084 before 1.0.1.0085, from 2.0.1.0034 before 2.0.1.0035. | |||||
| CVE-2024-55401 | 2025-08-07 | N/A | 6.5 MEDIUM | ||
| An issue in 4C Strategies Exonaut before v22.4 allows attackers to execute a directory traversal. | |||||
| CVE-2024-5581 | 1 Alltena | 1 Allegra | 2025-08-07 | N/A | 7.2 HIGH |
| Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the unzipFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-23453. | |||||
| CVE-2023-32164 | 1 Dlink | 1 D-view 8 | 2025-08-07 | N/A | 7.5 HIGH |
| D-Link D-View TftpSendFileThread Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TftpSendFileThread class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-19496. | |||||
| CVE-2023-32165 | 1 Dlink | 1 D-view 8 | 2025-08-07 | N/A | 9.8 CRITICAL |
| D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TftpReceiveFileHandler class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19497. | |||||
| CVE-2023-32166 | 1 Dlink | 1 D-view 8 | 2025-08-07 | N/A | 8.1 HIGH |
| D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the uploadFile function. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of SYSTEM. Was ZDI-CAN-19527. | |||||
| CVE-2025-5981 | 1 Google | 1 Osv-scalibr | 2025-08-07 | N/A | 6.5 MEDIUM |
| Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images. | |||||
| CVE-2024-4982 | 1 Redhat | 1 Pagure | 2025-08-07 | N/A | 7.6 HIGH |
| A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server. | |||||
| CVE-2016-6321 | 1 Gnu | 1 Tar | 2025-08-06 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. | |||||
| CVE-2023-27326 | 1 Parallels | 1 Parallels Desktop | 2025-08-06 | N/A | 8.2 HIGH |
| Parallels Desktop Toolgate Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. . Was ZDI-CAN-18933. | |||||
| CVE-2025-44137 | 1 Maptiler | 1 Tileserver Php | 2025-08-06 | N/A | 8.2 HIGH |
| MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web request. Creating the path to a file allows the insertion of "../" and thus read any file on the web server. Affected GET parameters are "TileMatrix", "TileRow", "TileCol" and "Format" | |||||
| CVE-2025-48394 | 2025-08-06 | N/A | 4.7 MEDIUM | ||
| An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the latest version which is available on the Eaton download center. | |||||
| CVE-2025-41396 | 1 Alfasado | 1 Powercms | 2025-08-06 | N/A | 5.4 MEDIUM |
| A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user. | |||||
| CVE-2025-8426 | 1 Marvell | 1 Qconvergeconsole | 2025-08-06 | N/A | 9.4 CRITICAL |
| Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability. This vulnerability allows remote attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the compressConfigFiles method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information or to create a denial-of-service condition on the system. Was ZDI-CAN-24915. | |||||