Vulnerabilities (CVE)

Filtered by CWE-22
Total 7230 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-34023 2025-06-23 N/A N/A
A path traversal vulnerability exists in the Karel IP1211 IP Phone's web management panel. The /cgi-bin/cgiServer.exx endpoint fails to properly sanitize user input to the page parameter, allowing remote authenticated attackers to access arbitrary files on the underlying system by using crafted path traversal sequences (e.g., ../../). This can expose sensitive files such as /etc/passwd and /etc/shadow.
CVE-2025-34022 2025-06-23 N/A N/A
A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information.
CVE-2025-3577 1 Zyxel 2 Amg1302-t10b, Amg1302-t10b Firmware 2025-06-23 N/A 4.9 MEDIUM
**UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware version 2.00(AAJC.16)C0 could allow an authenticated attacker with administrator privileges to access restricted directories by sending a crafted HTTP request to an affected device.
CVE-2024-35324 1 Douchat 1 Douchat 2025-06-23 N/A 9.8 CRITICAL
Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via Public/Plugins/webuploader/server/preview.php.
CVE-2024-5154 2 Kubernetes, Redhat 3 Cri-o, Enterprise Linux, Openshift Container Platform 2025-06-23 N/A 8.1 HIGH
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.
CVE-2025-46096 1 Noear 1 Solon 2025-06-23 N/A 6.1 MEDIUM
Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component
CVE-2025-29660 1 Yiiot 2 Xy-3820, Xy-3820 Firmware 2025-06-23 N/A 9.8 CRITICAL
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory traversal techniques.
CVE-2024-23904 1 Jenkins 1 Log Command 2025-06-20 N/A 7.5 HIGH
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system.
CVE-2024-22523 1 Fuwushe 1 Ifair 2025-06-20 N/A 7.5 HIGH
Directory Traversal vulnerability in Qiyu iFair version 23.8_ad0 and before, allows remote attackers to obtain sensitive information via uploadimage component.
CVE-2024-12087 8 Almalinux, Archlinux, Gentoo and 5 more 18 Almalinux, Arch Linux, Linux and 15 more 2025-06-20 N/A 6.5 MEDIUM
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
CVE-2023-52288 1 Sujeetkv 1 Flaskcode 2025-06-20 N/A 7.5 HIGH
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/<file_path>.txt URI (from views.py), allows attackers to read arbitrary files.
CVE-2023-48166 1 Unify 1 Openscape Voice 2025-06-20 N/A 7.5 HIGH
A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise of the underlying system.
CVE-2025-49138 1 Haxtheweb 1 Haxcms-php 2025-06-20 N/A 6.5 MEDIUM
HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location field written into site.json. This enables attackers to exfiltrate sensitive system files such as /etc/passwd, application secrets, or configuration files accessible to the web server (www-data). The vulnerability stems from the way the HAXCMS backend handles the location field in the site's outline. When a user sends a POST request to /system/api/saveOutline, the backend stores the provided location value directly into the site.json file associated with the site, without validating or sanitizing the input. Later the location parameter is interpreted by the CMS to resolve and load the content for a given node. If the location field contains a relative path like `../../../etc/passwd`, the application will attempt to read and render that file. Version 11.0.0 fixes the issue.
CVE-2024-57186 1 Erxes 1 Erxes 2025-06-20 N/A 5.4 MEDIUM
In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler.
CVE-2024-57189 1 Erxes 1 Erxes 2025-06-20 N/A 5.4 MEDIUM
In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler.
CVE-2024-35081 1 Luckyframe 1 Luckyframeweb 2025-06-18 N/A 7.5 HIGH
LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter in the fileDownload method.
CVE-2024-12088 8 Almalinux, Archlinux, Gentoo and 5 more 20 Almalinux, Arch Linux, Linux and 17 more 2025-06-18 N/A 6.5 MEDIUM
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
CVE-2025-50202 2025-06-18 N/A 7.5 HIGH
Lychee is a free photo-management tool. In versions starting from 6.6.6 to before 6.6.10, an attacker can leak local files including environment variables, nginx logs, other user's uploaded images, and configuration secrets due to a path traversal exploit in SecurePathController.php. This issue has been patched in version 6.6.10.
CVE-2025-2830 1 Mozilla 1 Thunderbird 2025-06-18 N/A 6.3 MEDIUM
By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2.
CVE-2024-10811 1 Ivanti 1 Endpoint Manager 2025-06-17 N/A 9.8 CRITICAL
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.