Total
8046 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-4074 | 1 Helpdesk Pro Project | 1 Helpdesk Pro | 2025-04-20 | N/A |
| Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task. | ||||
| CVE-2017-5869 | 1 Nuxeo | 1 Nuxeo | 2025-04-20 | N/A |
| Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header. | ||||
| CVE-2017-16936 | 1 Tenda | 6 Ac15, Ac15 Firmware, Ac18 and 3 more | 2025-04-20 | N/A |
| Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring. | ||||
| CVE-2017-16903 | 1 Lvyecms Project | 1 Lvyecms | 2025-04-20 | N/A |
| LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php. | ||||
| CVE-2017-16877 | 1 Zeit | 1 Next.js | 2025-04-20 | N/A |
| ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information. | ||||
| CVE-2017-7442 | 1 Gonitro | 1 Nitro Pro | 2025-04-20 | N/A |
| Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences. | ||||
| CVE-2017-16788 | 1 Meinbergglobal | 2 Lantime, Lantime Firmware | 2025-04-20 | N/A |
| Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory. | ||||
| CVE-2017-16762 | 1 Sanic Project | 1 Sanic | 2025-04-20 | N/A |
| Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring. | ||||
| CVE-2017-16759 | 1 Librenms | 1 Librenms | 2025-04-20 | N/A |
| The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php. | ||||
| CVE-2017-7358 | 2 Canonical, Lightdm Project | 2 Ubuntu Linux, Lightdm | 2025-04-20 | N/A |
| In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out. | ||||
| CVE-2015-7245 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2025-04-20 | N/A |
| Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter. | ||||
| CVE-2017-9416 | 1 Odoo | 1 Odoo | 2025-04-20 | N/A |
| Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service. | ||||
| CVE-2017-7424 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2025-04-20 | N/A |
| A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default. | ||||
| CVE-2024-55602 | 1 Pwndoc Project | 1 Pwndoc | 2025-04-18 | 7.6 High |
| PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and download templates can inject path traversal (`../`) sequences into the file extension property to read arbitrary files on the system. Commit 1d4219c596f4f518798492e48386a20c6e9a2fe6 contains a patch for the issue. | ||||
| CVE-2024-4442 | 1 Salonbookingsystem | 1 Salon Booking System | 2025-04-18 | 9.1 Critical |
| The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. | ||||
| CVE-2022-29580 | 1 Google | 1 Google Search | 2025-04-18 | 8.9 High |
| There exists a path traversal vulnerability in the Android Google Search app. This is caused by the incorrect usage of uri.getLastPathSegment. A symbolic encoded string can bypass the path logic to get access to unintended directories. An attacker can manipulate paths that could lead to code execution on the device. We recommend upgrading beyond version 13.41 | ||||
| CVE-2022-40264 | 1 Iconics | 1 Genesis64 | 2025-04-18 | 6.3 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2 allows an unauthenticated attacker to create, tamper with or destroy arbitrary files by getting a legitimate user import a project package file crafted by the attacker. | ||||
| CVE-2022-34271 | 1 Apache | 1 Atlas | 2025-04-18 | 8.8 High |
| A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0. | ||||
| CVE-2025-27283 | 2025-04-17 | 6.5 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in rockgod100 Theme File Duplicator allows Path Traversal. This issue affects Theme File Duplicator: from n/a through 1.3. | ||||
| CVE-2025-39568 | 2025-04-17 | 7.5 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arture B.V. StoreContrl Woocommerce allows Path Traversal. This issue affects StoreContrl Woocommerce: from n/a through 4.1.3. | ||||