Total
7079 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-3884 | 2025-05-23 | N/A | 7.5 HIGH | ||
Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hue. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Ace Editor web application. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-24332. | |||||
CVE-2025-47512 | 2025-05-23 | N/A | 8.6 HIGH | ||
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in tainacan Tainacan allows Path Traversal. This issue affects Tainacan: from n/a through 0.21.14. | |||||
CVE-2025-47603 | 2025-05-23 | N/A | 7.5 HIGH | ||
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Belingo belingoGeo allows Path Traversal. This issue affects belingoGeo: from n/a through 1.12.0. | |||||
CVE-2025-47492 | 2025-05-23 | N/A | 8.6 HIGH | ||
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms allows Path Traversal. This issue affects Drag and Drop File Upload for Elementor Forms: from n/a through 1.4.3. | |||||
CVE-2025-47513 | 2025-05-23 | N/A | 4.9 MEDIUM | ||
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in James Laforge Infocob CRM Forms allows Path Traversal. This issue affects Infocob CRM Forms: from n/a through 2.4.0. | |||||
CVE-2025-47535 | 2025-05-23 | N/A | 8.6 HIGH | ||
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpopal Opal Woo Custom Product Variation allows Path Traversal. This issue affects Opal Woo Custom Product Variation: from n/a through 1.2.0. | |||||
CVE-2025-46486 | 2025-05-23 | N/A | 4.9 MEDIUM | ||
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Nomupay Payment Processing Gateway allows Path Traversal. This issue affects Nomupay Payment Processing Gateway: from n/a through 7.1.7. | |||||
CVE-2025-48273 | 2025-05-23 | N/A | 7.5 HIGH | ||
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal allows Path Traversal. This issue affects WP Job Portal: from n/a through 2.3.2. | |||||
CVE-2025-31053 | 2025-05-23 | N/A | 7.7 HIGH | ||
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in quantumcloud KBx Pro Ultimate allows Path Traversal. This issue affects KBx Pro Ultimate: from n/a through 7.9.8. | |||||
CVE-2025-46527 | 2025-05-23 | N/A | 6.5 MEDIUM | ||
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LikeCoin Web3Press allows Path Traversal. This issue affects Web3Press: from n/a through 3.2.0. | |||||
CVE-2024-55415 | 1 Thecontrolgroup | 1 Voyager | 2025-05-23 | N/A | 5.7 MEDIUM |
DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass. | |||||
CVE-2024-23721 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-05-23 | N/A | 7.5 HIGH |
A Directory Traversal issue was discovered in process_post on Draytek Vigor3910 4.3.2.5 devices. When sending a certain POST request, it calls the function and exports information. | |||||
CVE-2018-5448 | 1 Medtronic | 2 2090 Carelink Programmer, 2090 Carelink Programmer Firmware | 2025-05-22 | 2.7 LOW | 4.8 MEDIUM |
Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system. | |||||
CVE-2025-3223 | 2025-05-21 | N/A | 5.9 MEDIUM | ||
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova WorkstationST on Windows (EGD Configuration Server modules) allows Path Traversal.This issue affects WorkstationST: WorkstationST V07.10.10C and earlier. | |||||
CVE-2025-41229 | 2025-05-21 | N/A | 8.2 HIGH | ||
VMware Cloud Foundation contains a directory traversal vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain internal services. | |||||
CVE-2025-5029 | 2025-05-21 | 5.5 MEDIUM | 5.4 MEDIUM | ||
A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Affected by this vulnerability is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file fileUpload/deleteFileAction.jhtml of the component File Handler. The manipulation of the argument filePath leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | |||||
CVE-2025-48017 | 2025-05-21 | N/A | 9.0 CRITICAL | ||
Improper limitation of pathname in Circuit Provisioning and File Import applications allows modification and uploading of files | |||||
CVE-2025-4524 | 2025-05-21 | N/A | 9.8 CRITICAL | ||
The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
CVE-2025-27920 | 1 Srimax | 1 Output Messenger | 2025-05-21 | N/A | 7.2 HIGH |
Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access. | |||||
CVE-2025-4898 | 1 Munyweki | 1 Student Result Management System | 2025-05-21 | 5.5 MEDIUM | 5.4 MEDIUM |
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects the function unlink of the file update_system.php of the component Logo File Handler. The manipulation of the argument old_logo leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |