Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20505 | 1 Google | 1 Android | 2025-04-21 | N/A | 6.7 MEDIUM |
| In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitationProduct: AndroidVersions: Android-13Android ID: A-225981754 | |||||
| CVE-2024-4442 | 1 Salonbookingsystem | 1 Salon Booking System | 2025-04-18 | N/A | 9.1 CRITICAL |
| The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. | |||||
| CVE-2025-39568 | 2025-04-17 | N/A | N/A | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arture B.V. StoreContrl Woocommerce allows Path Traversal. This issue affects StoreContrl Woocommerce: from n/a through 4.1.3. | |||||
| CVE-2025-27299 | 2025-04-17 | N/A | N/A | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Asia MyTicket Events allows Path Traversal. This issue affects MyTicket Events: from n/a through 1.2.4. | |||||
| CVE-2025-27283 | 2025-04-17 | N/A | N/A | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in rockgod100 Theme File Duplicator allows Path Traversal. This issue affects Theme File Duplicator: from n/a through 1.3. | |||||
| CVE-2024-46987 | 1 Tuzitio | 1 Camaleon Cms | 2025-04-17 | N/A | 7.7 HIGH |
| Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-46986 | 1 Tuzitio | 1 Camaleon Cms | 2025-04-17 | N/A | 9.9 CRITICAL |
| Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2022-46137 | 1 Aerocms Project | 1 Aerocms | 2025-04-17 | N/A | 7.5 HIGH |
| AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1. | |||||
| CVE-2021-22650 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2025-04-17 | N/A | 9.8 CRITICAL |
| An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution. | |||||
| CVE-2025-24406 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-17 | N/A | 7.5 HIGH |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this vulnerability to modify files that are stored outside the restricted directory. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-41418 | 1 Blogengine | 1 Blogengine.net | 2025-04-17 | N/A | 7.2 HIGH |
| An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. | |||||
| CVE-2021-46856 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-17 | N/A | 7.5 HIGH |
| The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-4063 | 1 Pluginus | 1 Inpost Gallery | 2025-04-17 | N/A | 9.8 CRITICAL |
| The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. | |||||
| CVE-2022-25895 | 1 Lite-dev-server Project | 1 Lite-dev-server | 2025-04-16 | N/A | 7.5 HIGH |
| All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code. | |||||
| CVE-2022-41591 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-16 | N/A | 7.5 HIGH |
| The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files. | |||||
| CVE-2022-36221 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2025-04-16 | N/A | 6.5 MEDIUM |
| Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system. | |||||
| CVE-2022-25931 | 1 Easy-static-server Project | 1 Easy-static-server | 2025-04-16 | N/A | 7.5 HIGH |
| All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code. | |||||
| CVE-2024-53961 | 1 Adobe | 1 Coldfusion | 2025-04-16 | N/A | 8.1 HIGH |
| ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data. Exploitation of this issue requires the admin panel be exposed to the internet. | |||||
| CVE-2025-27410 | 1 Pwndoc Project | 1 Pwndoc | 2025-04-16 | N/A | 6.5 MEDIUM |
| PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path traversal in the TAR entry's name, allowing an attacker to overwrite any file on the system with their content. By overwriting an included `.js` file and restarting the container, this allows for Remote Code Execution as an administrator. The remote code execution occurs because any user with the `backups:create` and `backups:update` (only administrators by default) is able to overwrite any file on the system. Version 1.2.0 fixes the issue. | |||||
| CVE-2023-47279 | 1 Deltaww | 1 Infrasuite Device Master | 2025-04-15 | N/A | 7.5 HIGH |
| In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying. | |||||