Total
8045 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31181 | 1 Wjjsoft | 1 Innokb | 2025-01-29 | 7.5 High |
| WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - CWE-22: Path Traversal | ||||
| CVE-2023-30855 | 1 Pimcore | 1 Pimcore | 2025-01-29 | 6.5 Medium |
| Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When combined with the SQL Injection, the exported data `RESTRICTED DIFFUSION 9 / 9` can be controlled and a webshell can be uploaded. Attackers can use that to execute arbitrary PHP code on the server with the permissions of the webserver. Users may upgrade to version 10.5.18 to receive a patch or, as a workaround, apply the patch manually. | ||||
| CVE-2023-28127 | 1 Ivanti | 1 Avalanche | 2025-01-28 | 7.5 High |
| A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure. | ||||
| CVE-2023-29104 | 1 Siemens | 4 6gk1411-1ac00, 6gk1411-1ac00 Firmware, 6gk1411-5ac00 and 1 more | 2025-01-28 | 6 Medium |
| A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to overwrite any file the Linux user `ccuser` has write access to, or to download any file the Linux user `ccuser` has read-only access to. | ||||
| CVE-2023-29128 | 1 Siemens | 4 6gk1411-1ac00, 6gk1411-1ac00 Firmware, 6gk1411-5ac00 and 1 more | 2025-01-28 | 3.8 Low |
| A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to write any file with the extension `.db`. | ||||
| CVE-2023-27409 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-01-28 | 2.5 Low |
| A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vulnerability was found in the `deviceinfo` binary via the `mac` parameter. This could allow an authenticated attacker with access to the SSH interface on the affected device to read the contents of any file named `address`. | ||||
| CVE-2023-41780 | 1 Zte | 1 Zxcloud Irai | 2025-01-28 | 6.4 Medium |
| There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges. | ||||
| CVE-2023-27562 | 1 N8n | 1 N8n | 2025-01-27 | 6.5 Medium |
| The n8n package 0.218.0 for Node.js allows Directory Traversal. | ||||
| CVE-2023-26126 | 1 M.static Project | 1 M.static | 2025-01-27 | 7.5 High |
| All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function. | ||||
| CVE-2022-33892 | 1 Intel | 1 Quartus Prime | 2025-01-27 | 7.3 High |
| Path traversal in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-31477 | 1 Gl-inet | 64 Gl-a1300, Gl-a1300 Firmware, Gl-ap1300 and 61 more | 2025-01-27 | 7.5 High |
| A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path. | ||||
| CVE-2022-34855 | 1 Intel | 1 Nuc Pro Software Suite | 2025-01-27 | 6.7 Medium |
| Path traversal for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-30172 | 1 Lfprojects | 1 Mlflow | 2025-01-27 | 7.5 High |
| A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter. | ||||
| CVE-2023-29986 | 1 Spring-boot-actuator-logview Project | 1 Spring-boot-actuator-logview | 2025-01-27 | 5.3 Medium |
| spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view. | ||||
| CVE-2023-23169 | 1 Synapsoft | 1 Pdfocus | 2025-01-27 | 6.5 Medium |
| Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal. | ||||
| CVE-2024-12885 | 2025-01-27 | 6.5 Medium | ||
| The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versions up to, and including, 10.4.66. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary folders on the server and all their content. | ||||
| CVE-2023-31166 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2025-01-24 | 4.1 Medium |
| An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system. See SEL Service Bulletin dated 2022-11-15 for more details. | ||||
| CVE-2025-24611 | 2025-01-24 | 4.9 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Smackcoders WP Ultimate Exporter allows Absolute Path Traversal. This issue affects WP Ultimate Exporter: from n/a through 2.9. | ||||
| CVE-2024-3848 | 1 Lfprojects | 1 Mlflow | 2025-01-24 | 7.5 High |
| A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitrary files, including sensitive information such as SSH and cloud keys, by exploiting the way the application converts the URL into a filesystem path. The issue stems from insufficient validation of the fragment portion of the URL, leading to arbitrary file read through path traversal. | ||||
| CVE-2020-13377 | 1 Loadbalancer | 1 Enterprise Va Max | 2025-01-24 | 8.1 High |
| The web-services interface of Loadbalancer.org Enterprise VA MAX through 8.3.8 could allow an authenticated, remote, low-privileged attacker to conduct directory traversal attacks and obtain read and write access to sensitive files. | ||||