Total
8116 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1228 | 2025-02-12 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected is an unknown function of the file /read/?page=1&logfile=LOG_Monitor of the component Logfile Update Handler. The manipulation of the argument path leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | |||||
| CVE-2023-26820 | 1 Siteproxy Project | 1 Siteproxy | 2025-02-12 | N/A | 7.5 HIGH |
| siteproxy v1.0 was discovered to contain a path traversal vulnerability via the component index.js. | |||||
| CVE-2020-19678 | 2 Oisf, Pfsense | 3 Suricata, Pfsense, Suricata Package | 2025-02-12 | N/A | 7.5 HIGH |
| Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php. | |||||
| CVE-2024-54909 | 2025-02-12 | N/A | 8.1 HIGH | ||
| A vulnerability has been identified in GoldPanKit eva-server v4.1.0. It affects the path parameter of the /api/resource/local/download endpoint, where manipulation of this parameter can lead to arbitrary file download. | |||||
| CVE-2023-29478 | 1 Bibliocraftmod | 1 Bibliocraft | 2025-02-11 | N/A | 9.8 CRITICAL |
| BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. This includes the Minecraft mods folder, which results in code execution. | |||||
| CVE-2025-25163 | 1 Pluginab | 1 Plugin A\/b Image Optimizer | 2025-02-11 | N/A | 7.5 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer allows Path Traversal. This issue affects Plugin A/B Image Optimizer: from n/a through 3.3. | |||||
| CVE-2024-53586 | 2025-02-11 | N/A | 5.3 MEDIUM | ||
| An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing data outside the intended directory. | |||||
| CVE-2023-1478 | 1 Incsub | 1 Hummingbird | 2025-02-11 | N/A | 9.8 CRITICAL |
| The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module. | |||||
| CVE-2023-0156 | 1 Updraftplus | 1 All-in-one Security | 2025-02-11 | N/A | 4.9 MEDIUM |
| The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server (to which the web server has access). The plugin only displays the last 50 lines of the file. | |||||
| CVE-2025-0750 | 2025-02-11 | N/A | 6.6 MEDIUM | ||
| A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system directories. | |||||
| CVE-2024-49411 | 1 Samsung | 1 Android | 2025-02-10 | N/A | 4.3 MEDIUM |
| Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege. | |||||
| CVE-2024-28073 | 1 Solarwinds | 1 Serv-u | 2025-02-10 | N/A | 8.4 HIGH |
| SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited. | |||||
| CVE-2024-52481 | 1 Astoundify | 1 Jobify | 2025-02-10 | N/A | 7.5 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Astoundify Jobify - Job Board WordPress Theme allows Relative Path Traversal.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3. | |||||
| CVE-2023-27648 | 1 Timmystudios | 1 Change Color Of Keypad | 2025-02-10 | N/A | 9.8 CRITICAL |
| Directory Traversal vulnerability found in T-ME Studios Change Color of Keypad v.1.275.1.277 allows a remote attacker to execute arbitrary code via the dex file in the internal storage. | |||||
| CVE-2024-8685 | 2025-02-10 | N/A | 4.3 MEDIUM | ||
| Path-Traversal vulnerability in Revolution Pi version 2022-07-28-revpi-buster from KUNBUS GmbH. This vulnerability could allow an authenticated attacker to list device directories via the ‘/pictory/php/getFileList.php’ endpoint in the ‘dir’ parameter. | |||||
| CVE-2022-47027 | 1 Timmystudios | 1 Fast Typing Keyboard | 2025-02-07 | N/A | 9.8 CRITICAL |
| Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized apps to overwrite arbitrary files in its internal storage via a dictionary traversal vulnerability and achieve arbitrary code execution. | |||||
| CVE-2024-51534 | 1 Dell | 1 Data Domain Operating System | 2025-02-07 | N/A | 7.1 HIGH |
| Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service. | |||||
| CVE-2024-2224 | 1 Bitdefender | 2 Endpoint Security, Gravityzone Control Center | 2025-02-07 | N/A | 8.1 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1 | |||||
| CVE-2024-27081 | 1 Esphome | 1 Esphome | 2025-02-07 | N/A | 7.2 HIGH |
| ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation) allows authenticated remote attackers to read and write arbitrary files under the configuration directory rendering remote code execution possible. This vulnerability is patched in 2024.2.1. | |||||
| CVE-2024-12875 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-02-07 | N/A | 4.9 MEDIUM |
| The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | |||||