Total: 8708 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45792 | 1 Omron | 1 Sysmac Studio | 2025-06-17 | 7.8 High |
| Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user. | ||||
| CVE-2023-5097 | 2 Hypr, Microsoft | 2 Workforce Access, Windows | 2025-06-17 | 7 High |
| Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal. This issue affects Workforce Access: before 8.7. | ||||
| CVE-2023-48383 | 1 Netvision | 1 Airpass | 2025-06-17 | 7.5 High |
| NetVision Information airPASS has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | ||||
| CVE-2023-31036 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Triton Inference Server | 2025-06-17 | 7.5 High |
| NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2023-39459 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-06-17 | N/A |
| Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of Administrator. Was ZDI-CAN-20531. | ||||
| CVE-2023-39460 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-06-17 | N/A |
| Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the creation of event logs. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20534. | ||||
| CVE-2024-31818 | 1 Derbynet | 1 Derbynet | 2025-06-17 | 9.8 Critical |
| Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component. | ||||
| CVE-2023-48249 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2025-06-17 | 6.5 Medium |
| The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users. | ||||
| CVE-2023-48246 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2025-06-17 | 6.5 Medium |
| The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. | ||||
| CVE-2023-48243 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2025-06-17 | 8.1 High |
| The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device. | ||||
| CVE-2023-48242 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2025-06-17 | 6.5 Medium |
| The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. | ||||
| CVE-2024-29502 | 1 Inteset | 1 Secure Lockdown | 2025-06-17 | 6.5 Medium |
| An issue in Secure Lockdown Multi Application Edition v2.00.219 allows attackers to read arbitrary files via UNC paths. | ||||
| CVE-2023-33177 | 1 Xibosignage | 1 Xibo | 2025-06-17 | 8.8 High |
| Xibo is a content management system (CMS). A path traversal vulnerability exists in the Xibo CMS whereby a specially crafted zip file can be uploaded to the CMS via the layout import function by an authenticated user which would allow creation of files outside of the CMS library directory as the webserver user. This can be used to upload a PHP webshell inside the web root directory and achieve remote code execution as the webserver user. Users should upgrade to version 2.3.17 or 3.3.5, which fix this issue. Customers who host their CMS with Xibo Signage have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. | ||||
| CVE-2025-27956 | 1 Pixeon | 1 Weblaudos | 2025-06-17 | 7.5 High |
| Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter. | ||||
| CVE-2021-46902 | 1 Meinbergglobal | 1 Lantime Firmware | 2025-06-17 | 7.2 High |
| An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls. | ||||
| CVE-2023-40383 | 1 Apple | 1 Macos | 2025-06-17 | 3.3 Low |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data. | ||||
| CVE-2024-34471 | 2 Hsc, Hsclabs | 2 Mailinspector, Mailinspector | 2025-06-17 | 5.4 Medium |
| An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete arbitrary files on the server. This was observed when the mliRealtimeEmails.php file itself was read and subsequently deleted, resulting in a 404 error for the file and disruption of email information loading. | ||||
| CVE-2023-52289 | 1 Sujeetkv | 1 Flaskcode | 2025-06-17 | 7.5 High |
| An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files. | ||||
| CVE-2023-52138 | 1 Mate-desktop | 1 Engrampa | 2025-06-17 | 8.2 High |
| Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa archive manager follows symlinks: cpio by default will follow stored symlinks while extracting, and the archiver will not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa. | ||||
| CVE-2025-4178 | 2 Microsoft, Xiaowei1118 | 2 Windows, Java Server | 2025-06-17 | 5.4 Medium |
| A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical. This issue affects some unknown processing of the file /src/main/java/com/changyu/foryou/controller/FoodController.java of the component File Upload API. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. | ||||