Total: 7987 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-37317 | 1 Asus | 2 Rt-ac68u, Rt-ac68u Firmware | 2025-03-26 | 9.1 Critical |
| Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitization on the target for COPY and MOVE operations. | ||||
| CVE-2021-36425 | 1 Phpwcms | 1 Phpwcms | 2025-03-26 | 5.4 Medium |
| Directory traversal vulnerability in phpwcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file. | ||||
| CVE-2023-24804 | 1 Owncloud | 1 Owncloud Client | 2025-03-26 | 5 Medium |
| The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal files, and to arbitrary file write when uploading plain text files (although limited by the .txt extension). Version 3.0 fixes the reported bypasses. | ||||
| CVE-2024-7776 | 1 Onnx | 1 Onnx | 2025-03-26 | 9.1 Critical |
| A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution. | ||||
| CVE-2024-40629 | 2 Fit2cloud, Jumpserver | 2 Jumpserver, Jumpserver | 2025-03-25 | 10 Critical |
| JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible playbook to write arbitrary files, leading to remote code execution (RCE) in the Celery container. The Celery container runs as root and has database access, allowing an attacker to steal all secrets for hosts, create a new JumpServer account with admin privileges, or manipulate the database in other ways. This issue has been patched in release versions 3.10.12 and 4.0.0. It is recommended to upgrade to the safe versions. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-40628 | 2 Fit2cloud, Jumpserver | 2 Jumpserver, Jumpserver | 2025-03-25 | 10 Critical |
| JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible playbook to read arbitrary files in the Celery container, leading to sensitive information disclosure. The Celery container runs as root and has database access, allowing the attacker to steal all secrets for hosts, create a new JumpServer account with admin privileges, or manipulate the database in other ways. This issue has been addressed in release versions 3.10.12 and 4.0.0. It is recommended to upgrade to the safe versions. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-42680 | 1 Cysoft168 | 1 Super Easy Enterprise Management System | 2025-03-25 | 5.5 Medium |
| An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark. | ||||
| CVE-2024-37403 | 1 Ivanti | 1 Docs@work | 2025-03-25 | 5.5 Medium |
| Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The application fails to properly sanitize file names, resulting in a path traversal-affiliated vulnerability. This potentially enables other malicious apps on the device to read sensitive information stored in the app root. | ||||
| CVE-2025-26935 | 1 Wpjobportal | 1 Wp Job Portal | 2025-03-25 | 7.5 High |
| Path Traversal vulnerability in wpjobportal WP Job Portal allows PHP Local File Inclusion. This issue affects WP Job Portal: from n/a through 2.2.8. | ||||
| CVE-2023-26321 | 1 Mi | 1 File Manager | 2025-03-25 | 6.3 Medium |
| A path traversal vulnerability exists in the Xiaomi File Manager application product (international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file. | ||||
| CVE-2023-40160 | | | 2025-03-24 | 3.7 Low |
| Directory traversal vulnerability exists in Mailing List Search CGI (pmmls.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a remote attacker may obtain arbitrary files on the server. | ||||
| CVE-2023-24689 | 1 Mojoportal | 1 Mojoportal | 2025-03-24 | 4.3 Medium |
| An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx | ||||
| CVE-2023-21448 | 1 Samsung | 1 Cloud | 2025-03-24 | 5.7 Medium |
| Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.32 allows an attacker to access a specific PNG file. | ||||
| CVE-2023-0745 | 1 Yugabyte | 1 Yugabytedb Managed | 2025-03-24 | 6.7 Medium |
| The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from 2.0.0.0 through 2.13.0.0 | ||||
| CVE-2024-54520 | 1 Apple | 1 Macos | 2025-03-24 | 5.5 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to overwrite arbitrary files. | ||||
| CVE-2023-5355 | 1 Getawesomesupport | 1 Awesome Support | 2025-03-24 | 8.1 High |
| The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server. | ||||
| CVE-2019-15839 | 1 Sinaextra | 1 Sina Extension For Elementor | 2025-03-24 | N/A |
| The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion. | ||||
| CVE-2023-26256 | 1 Stagil | 1 Stagil Navigation | 2025-03-21 | 7.5 High |
| An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system. | ||||
| CVE-2023-20943 | 1 Google | 1 Android | 2025-03-21 | 7.8 High |
| In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-240267890 | ||||
| CVE-2023-24188 | 1 Ureport Project | 1 Ureport | 2025-03-21 | 9.1 Critical |
| ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted. | ||||