Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32235 | 1 Ghost | 1 Ghost | 2025-01-29 | N/A | 7.5 HIGH |
| Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js. | |||||
| CVE-2023-47178 | 1 Posimyth | 1 The Plus Addons For Elementor | 2025-01-29 | N/A | 9.8 CRITICAL |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a through 5.2.8. | |||||
| CVE-2023-28127 | 1 Ivanti | 1 Avalanche | 2025-01-28 | N/A | 7.5 HIGH |
| A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure. | |||||
| CVE-2023-27562 | 1 N8n | 1 N8n | 2025-01-27 | N/A | 6.5 MEDIUM |
| The n8n package 0.218.0 for Node.js allows Directory Traversal. | |||||
| CVE-2018-0296 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2025-01-27 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029. | |||||
| CVE-2018-13379 | 1 Fortinet | 2 Fortios, Fortiproxy | 2025-01-27 | 5.0 MEDIUM | 9.8 CRITICAL |
| An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. | |||||
| CVE-2023-26126 | 1 M.static Project | 1 M.static | 2025-01-27 | N/A | 5.3 MEDIUM |
| All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function. | |||||
| CVE-2023-31477 | 1 Gl-inet | 64 Gl-a1300, Gl-a1300 Firmware, Gl-ap1300 and 61 more | 2025-01-27 | N/A | 7.5 HIGH |
| A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path. | |||||
| CVE-2023-29986 | 1 Spring-boot-actuator-logview Project | 1 Spring-boot-actuator-logview | 2025-01-27 | N/A | 5.3 MEDIUM |
| spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view. | |||||
| CVE-2023-23169 | 1 Synapsoft | 1 Pdfocus | 2025-01-27 | N/A | 6.5 MEDIUM |
| Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal. | |||||
| CVE-2023-30172 | 1 Lfprojects | 1 Mlflow | 2025-01-27 | N/A | 7.5 HIGH |
| A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter. | |||||
| CVE-2024-12885 | 2025-01-25 | N/A | 6.5 MEDIUM | ||
| The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versions up to, and including, 10.4.66. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary folders on the server and all their content. | |||||
| CVE-2025-0703 | 2025-01-24 | N/A | 4.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This issue affects some unknown processing of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | |||||
| CVE-2025-24611 | 2025-01-24 | N/A | N/A | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Smackcoders WP Ultimate Exporter allows Absolute Path Traversal. This issue affects WP Ultimate Exporter: from n/a through 2.9. | |||||
| CVE-2024-3848 | 1 Lfprojects | 1 Mlflow | 2025-01-24 | N/A | 7.5 HIGH |
| A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitrary files, including sensitive information such as SSH and cloud keys, by exploiting the way the application converts the URL into a filesystem path. The issue stems from insufficient validation of the fragment portion of the URL, leading to arbitrary file read through path traversal. | |||||
| CVE-2020-13377 | 1 Loadbalancer | 1 Enterprise Va Max | 2025-01-24 | N/A | 8.1 HIGH |
| The web-services interface of Loadbalancer.org Enterprise VA MAX through 8.3.8 could allow an authenticated, remote, low-privileged attacker to conduct directory traversal attacks and obtain read and write access to sensitive files. | |||||
| CVE-2024-7634 | 1 F5 | 2 Nginx Agent, Nginx Instance Manager | 2025-01-24 | N/A | 4.9 MEDIUM |
| NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory. | |||||
| CVE-2024-2552 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | N/A | 6.0 MEDIUM |
| A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall. | |||||
| CVE-2024-23607 | 1 F5 | 2 F5os-a, F5os-c | 2025-01-24 | N/A | 5.5 MEDIUM |
| A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2025-23422 | 2025-01-24 | N/A | N/A | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound Store Locator allows PHP Local File Inclusion. This issue affects Store Locator: from n/a through 3.98.10. | |||||