Total
6715 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44195 | 1 Apple | 1 Macos | 2025-01-23 | N/A | 7.5 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to read arbitrary files. | |||||
| CVE-2024-26261 | 1 Hgiga | 4 Oaklouds-organization-2.0, Oaklouds-organization-3.0, Oaklouds-webbase-2.0 and 1 more | 2025-01-23 | N/A | 9.8 CRITICAL |
| The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded. | |||||
| CVE-2024-0818 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-01-23 | N/A | 9.1 CRITICAL |
| Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6 | |||||
| CVE-2023-42229 | 2025-01-23 | N/A | 6.5 MEDIUM | ||
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal. Arbitrary files can be created on the system via authenticated SOAP requests to the WSConnector service. | |||||
| CVE-2023-42227 | 2025-01-23 | N/A | 7.5 HIGH | ||
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the WSCView/Save function. | |||||
| CVE-2023-42226 | 2025-01-23 | N/A | 7.5 HIGH | ||
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via Email/SaveAttachment function. | |||||
| CVE-2023-42225 | 2025-01-23 | N/A | 7.5 HIGH | ||
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Attachment/DownloadTempFile function. | |||||
| CVE-2024-25156 | 1 Fortra | 1 Goanywhere Managed File Transfer | 2025-01-23 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients. | |||||
| CVE-2023-42232 | 2025-01-23 | N/A | 7.5 HIGH | ||
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Navigator/Index function. | |||||
| CVE-2024-42187 | 2025-01-23 | N/A | 5.3 MEDIUM | ||
| BigFix Patch Download Plug-ins are affected by path traversal vulnerability. The application could allow operators to download files from a local repository which is vulnerable to path traversal attacks. | |||||
| CVE-2024-38768 | 1 Webangon | 1 The Pack Elementor Addons | 2025-01-22 | N/A | 4.3 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Webangon The Pack Elementor addons allows PHP Local File Inclusion, Path Traversal.This issue affects The Pack Elementor addons: from n/a through 2.0.8.6. | |||||
| CVE-2023-30509 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2025-01-22 | N/A | 4.9 MEDIUM |
| Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files. | |||||
| CVE-2023-30508 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2025-01-22 | N/A | 4.9 MEDIUM |
| Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files. | |||||
| CVE-2024-50453 | 1 Webangon | 1 The Pack Elementor Addons | 2025-01-22 | N/A | 7.5 HIGH |
| Relative Path Traversal vulnerability in Webangon The Pack Elementor addons allows PHP Local File Inclusion.This issue affects The Pack Elementor addons: from n/a through 2.0.9. | |||||
| CVE-2024-1974 | 1 Hasthemes | 1 Ht Mega | 2025-01-22 | N/A | 8.8 HIGH |
| The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to read the contents of arbitrary files on the server, which can contain sensitive information. | |||||
| CVE-2023-32767 | 1 Symcon | 1 Ip Symcon | 2025-01-22 | N/A | 7.5 HIGH |
| The web interface of Symcon IP-Symcon before 6.3 (i.e., before 2023-05-12) allows a remote attacker to read sensitive files via .. directory-traversal sequences in the URL. | |||||
| CVE-2022-32427 | 1 Printerlogic | 1 Windows Client | 2025-01-22 | N/A | 8.8 HIGH |
| PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content. This issue has been resolved in PrinterLogic Windows Client 25.0.0688 and all affected are advised to upgrade. | |||||
| CVE-2025-23562 | 2025-01-22 | N/A | 5.8 MEDIUM | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound XLSXviewer allows Path Traversal. This issue affects XLSXviewer: from n/a through 2.1.1. | |||||
| CVE-2024-32117 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer Big Data, Fortimanager | 2025-01-21 | N/A | 4.9 MEDIUM |
| An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests. | |||||
| CVE-2024-32116 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer Big Data, Fortimanager | 2025-01-21 | N/A | 5.1 MEDIUM |
| Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests. | |||||