Total
8698 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12757 | 2 Axis, Axis Communications Ab | 2 Camera Station Pro, Axis Camera Station Pro | 2026-02-17 | 4.6 Medium |
| An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to. | ||||
| CVE-2025-70084 | 1 Opensatkit | 1 Opensatkit | 2026-02-17 | 7.5 High |
| Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtil_GetFileInfo function. | ||||
| CVE-2025-59056 | 2 Freepbx, Sangoma | 2 Freepbx, Freepbx | 2026-02-13 | 7.5 High |
| FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause the uninstall function to be triggered for certain modules. This function drops the module's database tables, which is where most modules store their configuration. This vulnerability is fixed in 15.0.38, 16.0.41, and 17.0.21. | ||||
| CVE-2026-25161 | 1 Alistgo | 1 Alist | 2026-02-13 | 8.8 High |
| Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal sequences into filename components, enabling unauthorised file removal, movement and copying across user boundaries within the same storage mount. This issue has been patched in version 3.57.0. | ||||
| CVE-2022-45969 | 1 Alistgo | 1 Alist | 2026-02-13 | 9.8 Critical |
| Alist v3.4.0 is vulnerable to Directory Traversal, | ||||
| CVE-2025-25652 | 1 Eptura | 1 Archibus | 2026-02-13 | 7.5 High |
| In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal. | ||||
| CVE-2025-62449 | 1 Microsoft | 3 Github Copilot Chat, Visual Studio, Visual Studio Code Copilot Chat Extension | 2026-02-13 | 6.8 Medium |
| Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-25895 | 1 Frangoteam | 1 Fuxa | 2026-02-13 | 9.8 Critical |
| FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows an unauthenticated, remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10. | ||||
| CVE-2026-25951 | 1 Frangoteam | 1 Fuxa | 2026-02-13 | 7.2 High |
| FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, there is a flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences (e.g., ....//), an attacker can write arbitrary files to the server filesystem, including sensitive directories like runtime/scripts. This leads to Remote Code Execution (RCE) when the server reloads the malicious scripts. This vulnerability is fixed in 1.2.11. | ||||
| CVE-2025-30387 | 1 Microsoft | 1 Azure Ai Document Intelligence Studio | 2026-02-13 | 9.8 Critical |
| Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-53793 | 1 Microsoft | 4 Azure Stack Hub, Azure Stack Hub 2406, Azure Stack Hub 2408 and 1 more | 2026-02-13 | 7.5 High |
| Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-25475 | 1 Openclaw | 1 Openclaw | 2026-02-13 | 6.5 Medium |
| OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia() function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/file, exfiltrating sensitive data to the user/channel. This issue has been patched in version 2026.1.30. | ||||
| CVE-2026-24741 | 1 C4illin | 1 Convertx | 2026-02-12 | 8.1 High |
| ConvertXis a self-hosted online file converter. In versions prior to 0.17.0, the `POST /delete` endpoint uses a user-controlled `filename` value to construct a filesystem path and deletes it via `unlink` without sufficient validation. By supplying path traversal sequences (e.g., `../`), an attacker can delete arbitrary files outside the intended uploads directory, limited only by the permissions of the server process. Version 0.17.0 fixes the issue. | ||||
| CVE-2025-54162 | 2 Qnap, Qnap Systems | 2 File Station, File Station 5 | 2026-02-12 | 4.9 Medium |
| A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5068 and later | ||||
| CVE-2025-62853 | 2 Qnap, Qnap Systems | 2 File Station, File Station 5 | 2026-02-12 | 6.5 Medium |
| A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later | ||||
| CVE-2025-62855 | 2 Qnap, Qnap Systems | 2 File Station, File Station 5 | 2026-02-12 | 4.4 Medium |
| A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later | ||||
| CVE-2025-62856 | 2 Qnap, Qnap Systems | 2 File Station, File Station 5 | 2026-02-12 | 4.4 Medium |
| A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later | ||||
| CVE-2025-66278 | 2 Qnap, Qnap Systems | 2 File Station, File Station 5 | 2026-02-12 | 6.5 Medium |
| A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later | ||||
| CVE-2026-22894 | 2 Qnap, Qnap Systems | 2 File Station, File Station 5 | 2026-02-12 | 6.5 Medium |
| A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later | ||||
| CVE-2025-58470 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 6.5 Medium |
| A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||