Total
7984 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27825 | 1 Mercurycom | 2 Mac1200r, Mac1200r Firmware | 2025-01-14 | 7.5 High |
| A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-static/ URL. | ||||
| CVE-2023-28344 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-14 | 7.1 High |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application allows unauthenticated attackers to view constantly updated screenshots of student desktops and to submit falsified screenshots on behalf of students. Attackers are able to view screenshots of student desktops without their consent. These screenshots may potentially contain sensitive/personal data. Attackers can also rapidly submit falsified images, hiding the actual contents of student desktops from the Teacher Console. | ||||
| CVE-2022-47526 | 1 Fox-it | 2 Fox Datadiode, Fox Datadiode Firmware | 2025-01-14 | 9.8 Critical |
| Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path traversal vulnerability with resultant arbitrary writing of files. A remote attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the downstream node user. Exploitation of this issue does not require user interaction. | ||||
| CVE-2022-24632 | 1 Audiocodes | 1 Device Manager Express | 2025-01-14 | 5.3 Medium |
| An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter. | ||||
| CVE-2023-29380 | 1 Linuxmint | 1 Warpinator | 2025-01-13 | 7.5 High |
| Warpinator before 1.6.0 allows remote file deletion via directory traversal in top_dir_basenames. | ||||
| CVE-2022-36243 | 1 Shopbeat | 1 Shop Beat Media Player | 2025-01-13 | 5.3 Medium |
| Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in "studio" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm. | ||||
| CVE-2023-30196 | 1 Webbax | 1 Salesbooster | 2025-01-13 | 7.5 High |
| Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Control via modules/salesbooster/downloads/download.php. | ||||
| CVE-2023-52953 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | 6.2 Medium |
| Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | ||||
| CVE-2023-2435 | 1 Blog-in-blog Project | 1 Blog-in-blog | 2025-01-13 | 7.2 High |
| The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.1 via a shortcode attribute. This allows editor-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2022-47595 | 1 Codecabin | 1 Wp Go Maps | 2025-01-13 | 4.9 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Go Maps (formerly WP Google Maps) plugin <= 9.0.15 versions. | ||||
| CVE-2024-38819 | 1 Redhat | 1 Apache Camel Spring Boot | 2025-01-10 | 7.5 High |
| Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. | ||||
| CVE-2024-10005 | 1 Hashicorp | 1 Consul | 2025-01-10 | 8.1 High |
| A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules. | ||||
| CVE-2023-30197 | 1 Webbax | 1 Myinventory | 2025-01-09 | 7.5 High |
| Incorrect Access Control in the module "My inventory" (myinventory) <= 1.6.6 from Webbax for PrestaShop, allows a guest to download personal information without restriction by performing a path traversal attack. | ||||
| CVE-2023-2909 | 1 Asustor | 1 Adm | 2025-01-09 | 8.5 High |
| EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below. | ||||
| CVE-2023-29159 | 1 Encode | 1 Starlette | 2025-01-09 | 7.5 High |
| Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette. | ||||
| CVE-2023-27639 | 1 Tshirtecommerce | 1 Custom Product Designer | 2025-01-09 | 7.5 High |
| An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter file_name in the tshirtecommerce/ajax.php?type=svg endpoint, to allow a remote attacker to traverse directories on the system in order to open files (without restriction on the extension and path). Only files that can be parsed in XML can be opened. This is exploited in the wild in March 2023. | ||||
| CVE-2023-25750 | 1 Mozilla | 1 Firefox | 2025-01-09 | 4.3 Medium |
| Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox < 111. | ||||
| CVE-2024-9575 | 1 Rami.io Gmbh | 1 Pretiix Widget Wordpress Plugin | 2025-01-09 | N/A |
| Local File Inclusion vulnerability in pretix Widget WordPress plugin pretix-widget on Windows allows PHP Local File Inclusion. This issue affects pretix Widget WordPress plugin: from 1.0.0 through 1.0.5. | ||||
| CVE-2023-29736 | 1 Timmystudios | 1 Keyboard Themes | 2025-01-09 | 9.8 Critical |
| Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows unauthorized apps to overwrite arbitrary files in its internal storage and achieve arbitrary code execution. | ||||
| CVE-2023-33544 | 1 Hawt | 1 Hawtio | 2025-01-09 | 5.5 Medium |
| hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite. | ||||