Total
8116 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26969 | 1 Atrocore | 1 Atropim | 2025-02-07 | N/A | 7.5 HIGH |
| Atropim 1.5.26 is vulnerable to Directory Traversal. | |||||
| CVE-2023-26559 | 1 Sync | 2 Oxygen Content Fusion, Oxygen Xml Web Author | 2025-02-07 | N/A | 5.3 MEDIUM |
| A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. (XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build 2023021715 are also fixed versions.) | |||||
| CVE-2025-25155 | 2025-02-07 | N/A | 7.5 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in efreja Music Sheet Viewer allows Path Traversal. This issue affects Music Sheet Viewer: from n/a through 4.1. | |||||
| CVE-2023-41182 | 1 Netgear | 1 Prosafe Network Management System | 2025-02-07 | N/A | 8.8 HIGH |
| NETGEAR ProSAFE Network Management System ZipUtils Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ZipUtils class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19716. | |||||
| CVE-2023-38511 | 1 Combodo | 1 Itop | 2025-02-06 | N/A | 5.0 MEDIUM |
| iTop is an IT service management platform. Dashboard editor : can load multiple files and URL, and full path disclosure on dashboard config file. This vulnerability is fixed in 3.0.4 and 3.1.1. | |||||
| CVE-2022-34127 | 1 Glpi-project | 1 Manageentities | 2025-02-06 | N/A | 7.5 HIGH |
| The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter. | |||||
| CVE-2022-34126 | 1 Glpi-project | 1 Activity | 2025-02-06 | N/A | 7.5 HIGH |
| The Activity plugin before 3.1.1 for GLPI allows reading local files via directory traversal in the front/cra.send.php file parameter. | |||||
| CVE-2024-27946 | 1 Siemens | 1 Ruggedcom Crossbow | 2025-02-06 | N/A | 6.5 MEDIUM |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with the required privileges. | |||||
| CVE-2024-3107 | 1 Brainstormforce | 1 Spectra | 2025-02-06 | N/A | 4.3 MEDIUM |
| The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the get_block_default_attributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the contents of any files named attributes.php on the server, which can contain sensitive information. | |||||
| CVE-2023-29887 | 1 Nuovo | 1 Spreadsheet-reader | 2025-02-06 | N/A | 7.5 HIGH |
| A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter. | |||||
| CVE-2024-26150 | 1 Linuxfoundation | 1 Backstage Backend-common | 2025-02-05 | N/A | 8.7 HIGH |
| `@backstage/backend-common` is a common functionality library for backends for Backstage, an open platform for building developer portals. In `@backstage/backend-common` prior to versions 0.21.1, 0.20.2, and 0.19.10, paths checks with the `resolveSafeChildPath` utility were not exhaustive enough, leading to risk of path traversal vulnerabilities if symlinks can be injected by attackers. This issue is patched in `@backstage/backend-common` versions 0.21.1, 0.20.2, and 0.19.10. | |||||
| CVE-2023-28459 | 1 Pretalx | 1 Pretalx | 2025-02-05 | N/A | 6.5 MEDIUM |
| pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files. | |||||
| CVE-2023-28458 | 1 Pretalx | 1 Pretalx | 2025-02-05 | N/A | 4.3 MEDIUM |
| pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file. | |||||
| CVE-2024-13545 | 1 G5plus | 1 Ultimate Bootstrap Elements For Elementor | 2025-02-05 | N/A | 9.8 CRITICAL |
| The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. If php://filter is enabled on the server, this issue may directly lead to Remote Code Execution. | |||||
| CVE-2023-21093 | 1 Google | 1 Android | 2025-02-05 | N/A | 7.8 HIGH |
| In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-228450832 | |||||
| CVE-2024-38706 | 1 Hasthemes | 1 Ht Mega | 2025-02-05 | N/A | 6.5 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in HasThemes HT Mega allows Path Traversal.This issue affects HT Mega: from n/a through 2.5.7. | |||||
| CVE-2023-26101 | 1 Progress | 1 Flowmon Packet Investigator | 2025-02-05 | N/A | 7.5 HIGH |
| In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user with access to Flowmon Packet Investigator could leverage a path-traversal vulnerability to retrieve files on the Flowmon appliance's local filesystem. | |||||
| CVE-2023-47679 | 1 Qodeinteractive | 1 Qi Addons For Elementor | 2025-02-05 | N/A | 6.4 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QODE Interactive Qi Addons For Elementor allows PHP Local File Inclusion.This issue affects Qi Addons For Elementor: from n/a through 1.6.3. | |||||
| CVE-2024-13409 | 1 Wpwax | 1 Post Grid\, Slider \& Carousel Ultimate | 2025-02-05 | N/A | 7.5 HIGH |
| The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the post_type_ajax_handler() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2023-31059 | 1 Repetier-server | 1 Repetier-server | 2025-02-04 | N/A | 7.5 HIGH |
| Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php. | |||||