Total
9392 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22479 | 1 Dell | 1 Storage Manager | 2025-05-13 | 3.5 Low |
| Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection. | ||||
| CVE-2022-23770 | 2 Linux, Wisa | 2 Linux Kernel, Smart Wing Cms | 2025-05-13 | 8.8 High |
| This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal. | ||||
| CVE-2024-57451 | 1 1000mz | 1 Chestnutcms | 2025-05-13 | 7.5 High |
| ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory. | ||||
| CVE-2024-6648 | 1 Apollotheme | 1 Ap Pagebuilder | 2025-05-13 | 7.5 High |
| Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing them to read any file on the system. | ||||
| CVE-2022-3060 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 7.3 High |
| Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests | ||||
| CVE-2022-42188 | 1 Lavalite | 1 Lavalite | 2025-05-13 | 7.5 High |
| In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. | ||||
| CVE-2024-27279 | 1 Appleple | 1 A-blog Cms | 2025-05-13 | 6.5 Medium |
| Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with editor or higher privilege who can login to the product may obtain arbitrary files on the server including password files. | ||||
| CVE-2024-25859 | 2 Blesta, Phillipsdata | 2 Blesta, Blesta | 2025-05-13 | 7.1 High |
| A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to takeover user accounts and execute arbitrary code. | ||||
| CVE-2025-25997 | 1 Feminer Wms Project | 1 Feminer Wms | 2025-05-13 | 7.5 High |
| Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component. | ||||
| CVE-2024-39722 | 1 Ollama | 1 Ollama | 2025-05-13 | 7.5 High |
| An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path traversal in the api/push route. | ||||
| CVE-2023-51401 | 1 Brainstormforce | 1 Ultimate Addons For Beaver Builder | 2025-05-13 | 6.3 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal.This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.13. | ||||
| CVE-2025-2032 | 1 1000mz | 1 Chestnutcms | 2025-05-12 | 3.5 Low |
| A vulnerability classified as problematic was found in ChestnutCMS 1.5.2. This vulnerability affects the function renameFile of the file /cms/file/rename. The manipulation of the argument rename leads to path traversal. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-30290 | 1 Adobe | 1 Coldfusion | 2025-05-12 | 8.7 High |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to bypass security protections and gain unauthorized write and delete access. Exploitation of this issue does not require user interaction and scope is changed. | ||||
| CVE-2020-24855 | 1 Easyjs | 1 Easywebpack-cli | 2025-05-12 | 5.3 Medium |
| Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request. | ||||
| CVE-2024-31394 | 1 Appleple | 1 A-blog Cms | 2025-05-12 | 6.5 Medium |
| Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may obtain arbitrary files on the server. | ||||
| CVE-2022-0072 | 1 Litespeedtech | 1 Openlitespeed | 2025-05-09 | 5.8 Medium |
| Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1 | ||||
| CVE-2024-22096 | 1 Rapidscada | 1 Rapid Scada | 2025-05-09 | 6.5 Medium |
| In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the system. | ||||
| CVE-2024-1163 | 1 Mapshaper | 1 Mapshaper | 2025-05-09 | 7.1 High |
| The attacker may exploit a path traversal vulnerability leading to information disclosure. | ||||
| CVE-2024-1082 | 1 Github | 1 Enterprise Server | 2025-05-09 | 6.3 Medium |
| A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.15, 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2024-23673 | 1 Apache | 1 Sling Servlets Resolver | 2025-05-09 | 8.5 High |
| Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver.This issue affects all version of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlet Resolver to load a previously uploaded script. Users are recommended to upgrade to version 2.11.0, which fixes this issue. It is recommended to upgrade, regardless of whether your system configuration currently allows this attack or not. | ||||