Vulnerabilities (CVE)

Filtered by CWE-22
Total 8078 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-68916 1 Riello-ups 1 Netman 208 2026-01-02 N/A 9.1 CRITICAL
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution.
CVE-2023-47467 1 Jeecg 1 Jeecg Boot 2026-01-02 N/A 6.5 MEDIUM
Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure.
CVE-2025-67442 1 Eve-ng 1 Eve-ng 2026-01-02 N/A 7.6 HIGH
EVE-NG 6.4.0-13-PRO is vulnerable to Directory Traversal. The /api/export interface allows authenticated users to export lab files. This interface lacks effective input validation and filtering when processing file path parameters submitted by users.
CVE-2025-53594 2026-01-02 N/A N/A
A path traversal vulnerability has been reported to affect several product versions. If a local attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: Qfinder Pro Mac 7.13.0 and later; Qsync for Mac 5.1.5 and later; QVPN Device Client for Mac 2.2.8 and later.
CVE-2025-68279 1 Weblate 1 Weblate 2026-01-02 N/A 7.7 HIGH
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue.
CVE-2025-68398 1 Weblate 1 Weblate 2026-01-02 N/A 9.1 CRITICAL
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.
CVE-2024-25183 1 Vvveb 1 Vvvebjs 2026-01-02 N/A 7.5 HIGH
givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php.
CVE-2025-15245 1 Dlink 2 Dcs-850l, Dcs-850l Firmware 2025-12-31 2.7 LOW 3.5 LOW
A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-42718 1 Croogo 1 Croogo 2025-12-31 N/A 6.5 MEDIUM
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter.
CVE-2025-15225 1 Sun.net 1 Wmpro 2025-12-31 N/A 7.5 HIGH
WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to read arbitrary system files.
CVE-2025-14728 2025-12-31 N/A 6.8 MEDIUM
Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers that allows a rogue client to upload a file which is written outside the datastore directory. Velociraptor is normally only allowed to write in the datastore directory. The issue occurs due to insufficient sanitization of directory names which end with a ".", only encoding the final "." as "%2E". Although files can be written to incorrect locations, the containing directory must end with "%2E". This limits the impact of this vulnerability, and prevents it from overwriting critical files.
CVE-2025-15227 1 Welltend 1 Bpmflowwebkit 2025-12-31 N/A 7.5 HIGH
BPMFlowWebkit developed by WELLTEND TECHNOLOGY has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.
CVE-2025-15187 1 Njtech 1 Greencms 2025-12-31 4.7 MEDIUM 3.8 LOW
A vulnerability was found in GreenCMS up to 2.3. This affects an unknown part of the file /DataController.class.php of the component File Handler. Performing manipulation of the argument sqlFiles/zipFiles results in path traversal. The attack can be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-14850 1 Advantech 1 Webaccess/scada 2025-12-31 N/A 8.1 HIGH
Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files.
CVE-2020-12103 1 Prasathmani 1 Tiny File Manager 2025-12-31 4.0 MEDIUM 7.7 HIGH
In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored.
CVE-2021-40964 1 Prasathmani 1 Tiny File Manager 2025-12-31 4.3 MEDIUM 6.5 MEDIUM
A Path Traversal vulnerability exists in TinyFileManager all versions up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer.
CVE-2021-45010 1 Prasathmani 1 Tiny File Manager 2025-12-31 6.5 MEDIUM 8.8 HIGH
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
CVE-2022-1000 1 Prasathmani 1 Tiny File Manager 2025-12-31 7.5 HIGH 9.8 CRITICAL
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.
CVE-2020-12102 1 Prasathmani 1 Tiny File Manager 2025-12-31 6.8 MEDIUM 7.7 HIGH
In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application scope).
CVE-2025-15138 1 Prasathmani 1 Tiny File Manager 2025-12-31 5.8 MEDIUM 4.7 MEDIUM
A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.