Total: 7397 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-6035 | 1 Zohocorp | 1 Manageengine Opmanager | 2025-04-12 | 7.5 HIGH | N/A |
Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter. | |||||
CVE-2015-2950 | 1 Open Explorer Beta Project | 1 Open Explorer Beta | 2025-04-12 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in the Brandon Bowles Open Explorer application before 0.254 Beta for Android allows remote attackers to write to arbitrary files via a crafted filename. | |||||
CVE-2013-5756 | 1 Yealink | 1 Sip-t38g | 2025-04-12 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx. | |||||
CVE-2015-0984 | 1 Honeywell | 8 Excel Web Xl 1000c1000 600 I/o, Excel Web Xl 1000c1000 600 I/o Uukl, Excel Web Xl 1000c100 104 I/o and 5 more | 2025-04-12 | 10.0 HIGH | N/A |
Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname. | |||||
CVE-2014-6095 | 1 Ibm | 1 Security Identity Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
CVE-2012-5242 | 1 Bananadance | 1 Banana Dance | 2025-04-12 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action. | |||||
CVE-2015-4414 | 1 Se Html5 Album Audio Player Project | 1 Se Html5 Album Audio Player | 2025-04-12 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
CVE-2012-5641 | 2 Apache, Mochiweb Project | 2 Couchdb, Mochiweb | 2025-04-12 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI. | |||||
CVE-2015-2071 | 1 Etouch | 1 Samepage | 2025-04-12 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter. | |||||
CVE-2014-7819 | 1 Sprockets Project | 1 Sprockets | 2025-04-12 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding. | |||||
CVE-2019-25073 | 1 Goa.design | 1 Goa | 2025-04-11 | N/A | 7.5 HIGH |
Improper path sanitization in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allows remote attackers to read files outside of the intended directory. | |||||
CVE-2018-25046 | 1 Cloudfoundry | 1 Archiver | 2025-04-11 | N/A | 9.1 CRITICAL |
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | |||||
CVE-2024-57549 | 1 Cmsimple | 1 Cmsimple | 2025-04-11 | N/A | 7.5 HIGH |
CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request. | |||||
CVE-2022-44564 | 1 Huawei | 2 Aslan-al10, Aslan-al10 Firmware | 2025-04-11 | N/A | 7.8 HIGH |
Huawei Aslan Children's Watch has a path traversal vulnerability. Successful exploitation may allow attackers to access or modify protected system resources. | |||||
CVE-2020-36566 | 1 Tar-utils Project | 1 Tar-utils | 2025-04-11 | N/A | 9.1 CRITICAL |
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | |||||
CVE-2020-36561 | 1 Unzip Project | 1 Unzip | 2025-04-11 | N/A | 9.1 CRITICAL |
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | |||||
CVE-2020-36560 | 1 Go-unzip Project | 1 Go-unzip | 2025-04-11 | N/A | 9.1 CRITICAL |
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | |||||
CVE-2020-36559 | 1 Aahframework | 1 Aah | 2025-04-11 | N/A | 7.5 HIGH |
Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read. | |||||
CVE-2025-2636 | | | 2025-04-11 | N/A | 9.8 CRITICAL |
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
CVE-2025-32209 | | | 2025-04-11 | N/A | 6.5 MEDIUM |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Total processing card payments for WooCommerce allows Path Traversal. This issue affects Total processing card payments for WooCommerce: from n/a through 7.1.5. |