Total
9449 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41971 | 2026-04-15 | 8.1 High | ||
| A low privileged remote attacker can overwrite an arbitrary file on the filesystem leading to a DoS and data loss. | ||||
| CVE-2025-69055 | 2 Seatheme, Wordpress | 2 Bm Content Builder, Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SeaTheme BM Content Builder bm-builder allows Path Traversal.This issue affects BM Content Builder: from n/a through < 3.16.3.3. | ||||
| CVE-2025-23416 | 2026-04-15 | 4.9 Medium | ||
| Path traversal may lead to arbitrary file deletion. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25. | ||||
| CVE-2025-1127 | 1 Lexmark | 1 Lexmark | 2026-04-15 | 9.1 Critical |
| The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem. | ||||
| CVE-2024-37728 | 1 Officeweb365 | 1 Officeweb365 | 2026-04-15 | 7.5 High |
| Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 allows a remote attacker to obtain sensitive information via the "Pic/Indexes" interface | ||||
| CVE-2025-0632 | 2026-04-15 | N/A | ||
| Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to exfiltrate data including credentials, and with no rate limiting a malicious actor could enumerate the filesystem of the host machine and potentially lead to full host compromise. This issue affects Rock Maker Web: from 3.2.1.1 and later | ||||
| CVE-2024-37825 | 2026-04-15 | 5.4 Medium | ||
| An issue in EnvisionWare Computer Access & Reservation Control SelfCheck v1.0 (fixed in OneStop 3.2.0.27184 Hotfix May 2024) allows unauthenticated attackers on the same network to perform a directory traversal. | ||||
| CVE-2024-27954 | 1 Wp Automatic | 1 Automatic | 2026-04-15 | 9.3 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0. | ||||
| CVE-2025-59372 | 1 Asus | 1 Router | 2026-04-15 | N/A |
| A path traversal vulnerability has been identified in certain router models. A remote, authenticated attacker could exploit this vulnerability to write files outside the intended directory, potentially affecting device integrity. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information. | ||||
| CVE-2024-38816 | 2 Redhat, Spring By Vmware Tanzu | 3 Apache Camel Spring Boot, Rhboac Hawtio, Spring Framework | 2026-04-15 | 7.5 High |
| Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. Specifically, an application is vulnerable when both of the following are true: * the web application uses RouterFunctions to serve static resources * resource handling is explicitly configured with a FileSystemResource location However, malicious requests are blocked and rejected when any of the following is true: * the Spring Security HTTP Firewall https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html is in use * the application runs on Tomcat or Jetty | ||||
| CVE-2025-3043 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability, which was classified as critical, has been found in GuoMinJim PersonManage 1.0. This issue affects the function preHandle of the file /login/. The manipulation of the argument Request leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | ||||
| CVE-2024-51483 | 1 Changedetection | 1 Changedetection | 2026-04-15 | N/A |
| changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, `source:file:///etc/passwd` can be used to retrieve local system files, where the more traditional `file:///etc/passwd` gets blocked. Version 0.47.5 fixes the issue. | ||||
| CVE-2025-22240 | 2026-04-15 | 6.3 Medium | ||
| Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to. | ||||
| CVE-2025-0615 | 2026-04-15 | 5.3 Medium | ||
| Input validation vulnerability in Qualifio's Wheel of Fortune. This vulnerability allows an attacker to modify an email to contain the ‘+’ symbol to access the application and win prizes as many times as wanted. | ||||
| CVE-2024-42499 | 1 Fitnesse | 1 Fitnesse | 2026-04-15 | 5.3 Medium |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know whether a file exists at a specific path, and/or obtain some part of the file contents under specific conditions. | ||||
| CVE-2025-65077 | 1 Lexmark | 40 Cslbl, Cslbn, Csngv and 37 more | 2026-04-15 | N/A |
| A relative path traversal vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user. | ||||
| CVE-2024-31587 | 1 Secu | 1 Secustation Firmware | 2026-04-15 | 6.5 Medium |
| SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower allows an unauthenticated attacker to download device configuration files via a crafted request. | ||||
| CVE-2025-42970 | 2026-04-15 | 5.8 Medium | ||
| SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a high privileged victim extracts this malicious archive, it is then processed by SAPCAR on their system, causing files to be extracted outside the intended directory and overwriting files in arbitrary locations. This vulnerability has a high impact on the integrity and availability of the application with no impact on confidentiality. | ||||
| CVE-2025-27716 | 2026-04-15 | N/A | ||
| Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file/folder listing process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered by a crafted HTTP request to specific functions of the product from a device connected to the LAN side. | ||||
| CVE-2023-23700 | 2026-04-15 | 7.6 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OceanWP allows PHP Local File Inclusion.This issue affects OceanWP: from n/a through 3.4.1. | ||||