Medium
CVE-2025-22238
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outsid…
Tag: Path Traversal
All CVEs associated with "Path Traversal". Page 13/72 • 8591 CVEs.
Subscribe CVEs: RSS for “Path Traversal” · RSS (High+Critical only)
About “Path Traversal”
A curated feed of “Path Traversal”-related CVEs appears below. We currently track 8591 CVEs for this tag (all time). In the last 365 days, 1471 were published. Average CVSS is 6.8 (all time; 6.9 over 365d), and 49% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-23 - Relative Path Traversal, CWE-35 - Path Traversal: '.../...//'.
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-06-13
2025-06-12
High
CVE-2025-4613
Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad t…
Medium
CVE-2025-40592
A vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix Studio Pro 10.12 (All versions < V10.12.17), Mendix Studio Pro 10.18 (All versions < V10.18.7), Mendix St…
2025-06-10
High
CVE-2025-36574
Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, l…
Medium
CVE-2024-57189
In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler.
Medium
CVE-2024-57186
In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler.
Medium
CVE-2025-5741
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this v…
High
CVE-2025-5740
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file writes when an authenticated user on the web server manipul…
High
CVE-2025-42977
SAP NetWeaver Visual Composer contains a Directory Traversal vulnerability caused by insufficient validation of input paths provided by a high-privileged user. This allows an attacker to read or modi…
2025-06-09
High
CVE-2025-49297
Path Traversal: '.../...//' vulnerability in Mikado-Themes Grill and Chow grillandchow allows PHP Local File Inclusion.This issue affects Grill and Chow: from n/a through <= 1.6.
High
CVE-2025-49296
Path Traversal: '.../...//' vulnerability in Mikado-Themes GrandPrix grandprix allows PHP Local File Inclusion.This issue affects GrandPrix: from n/a through <= 1.6.
High
CVE-2025-49295
Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion.This issue affects MediClinic: from n/a through <= 2.1.
High
CVE-2025-48267
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes allows Path Traversal. This issue affects WP Pipes: from n/a through 1.4.2.
High
CVE-2025-48130
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spicethemes Spice Blocks spice-blocks allows Path Traversal.This issue affects Spice Blocks: from n/a t…
High
CVE-2025-48124
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price…
Medium
CVE-2025-47511
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Path Traversal.This issue affects Welcart e-Commerce:…
High
CVE-2025-39475
Path Traversal: '.../...//' vulnerability in Frenify Arlo arlo allows PHP Local File Inclusion.This issue affects Arlo: from n/a through <= 6.0.3.
High
CVE-2025-39473
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebGeniusLab Seofy Core seofy-core allows PHP Local File Inclusion.This issue affects Seofy Core: from…
High
CVE-2025-31635
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup CLEVER lbg-audio11-html5-shoutcast_history allows Path Traversal.This issue affects CLEVER…
High
CVE-2025-31050
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appthaplugins Apptha Slider Gallery apptha-slider-gallery allows Path Traversal.This issue affects Appt…
Medium
CVE-2025-5880
A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument f…
2025-06-06
High
CVE-2025-3485
Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authenti…
Medium
CVE-2025-33035
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files…
High
CVE-2025-49237
Cross-Site Request Forgery (CSRF) vulnerability in POEditor POEditor poeditor allows Path Traversal.This issue affects POEditor: from n/a through <= 0.9.10.
High
CVE-2025-28954
Cross-Site Request Forgery (CSRF) vulnerability in wphobby Backwp backwp allows Path Traversal.This issue affects Backwp: from n/a through <= 2.0.2.
Critical
CVE-2025-3365
A missing protection against path traversal allows to access any file on the server.
Medium
CVE-2025-5714
A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250516. It has been classified as problematic. This affects an unknown part of the file /sys/up.upload.php of the component Profile Info…
2025-06-05
Medium
CVE-2025-27445
A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory…
Medium
CVE-2025-49466
aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,
2025-06-04
Low
CVE-2025-20277
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability,…
Critical
CVE-2025-5598
Path Traversal vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Retrieve Embedded Sensitive Data.This issue affects airleader MASTER: 3.0046.
Medium
CVE-2025-5545
A vulnerability classified as problematic has been found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. This affects the function image of the file src/main/java/cn/gson/oasy…
2025-06-03
Medium
CVE-2025-5544
A vulnerability was found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. It has been rated as problematic. Affected by this issue is the function image of the file src/main/j…
Medium
CVE-2025-5509
A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source lea…
High
CVE-2025-31359
A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write…
Medium
CVE-2025-41428
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by a remote unaut…
2025-06-02
High
CVE-2025-27956
Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter.
Critical
CVE-2025-37095
A directory traversal information disclosure vulnerability exists in HPE StoreOnce Software.
Medium
CVE-2025-37094
A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software.
High
CVE-2025-48957
AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to information disclosure, such as API keys for L…
2025-05-31
Medium
CVE-2025-5385
A vulnerability was found in JeeWMS up to 20250504. It has been declared as critical. This vulnerability affects the function doAdd of the file /cgformTemplateController.do?doAdd. The manipulation le…
Low
CVE-2025-5381
A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The m…
Medium
CVE-2025-5380
A vulnerability, which was classified as critical, has been found in ashinigit 天青一白 XueShengZhuSu 学生住宿管理系统 up to 4d3f0ada0e71482c1e51fd5f5615e5a3d8bcbfbb. This issue affects some unknown processing o…
2025-05-29
Medium
CVE-2025-5328
A vulnerability was found in chshcms mccms 2.7. It has been declared as critical. This vulnerability affects the function restore_del of the file /sys/apps/controllers/admin/Backups.php. The manipula…
2025-05-27
Low
CVE-2025-48370
auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the…
2025-05-26
Medium
CVE-2025-5161
A vulnerability classified as problematic was found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected by this vulnerability is the function operationDailyOut of the file /safeEvent/download. The…
Medium
CVE-2025-5160
A vulnerability classified as problematic has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected is the function Download of the file /packetCaptureStrategy/download. The manipulation…
Medium
CVE-2025-5159
A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been rated as problematic. This issue affects the function Download of the file /cfgFile/1/download. The manipulation of…
2025-05-25
Medium
CVE-2025-5158
A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been declared as problematic. This vulnerability affects the function downloadSoftware of the file /cfgFile/downloadSoft…
Medium
CVE-2025-5157
A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been classified as critical. This affects the function fileContent of the file /cfgFile/fileContent. The manipulation of…
2025-05-23
High
CVE-2025-48273
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal wp-job-portal allows Path Traversal.This issue affects WP Job Portal: from n/…
Medium
CVE-2025-47619
Missing Authorization vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Path Traversal.This issue affects 6Storage Rentals: from n/a through <= 2.20.2.
High
CVE-2025-47603
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Belingo belingoGeo belingogeo allows Path Traversal.This issue affects belingoGeo: from n/a through <=…
High
CVE-2025-47535
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpopal Opal Woo Custom Product Variation opal-woo-custom-product-variation allows Path Traversal.This i…
Medium
CVE-2025-47513
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in James Laforge Infocob CRM Forms infocob-crm-forms allows Path Traversal.This issue affects Infocob CRM…
High
CVE-2025-47512
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in tainacan Tainacan tainacan allows Path Traversal.This issue affects Tainacan: from n/a through <= 0.21.…
High
CVE-2025-47492
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms drag-and-drop-file-upload-for-elementor-forms…
Medium
CVE-2025-46527
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LikeCoin Web3Press likecoin allows Path Traversal.This issue affects Web3Press: from n/a through <= 3.2…
Medium
CVE-2025-46486
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Nomupay Payment Processing Gateway totalprocessing-card-payments allows Path Traversal.…
High
CVE-2025-31053
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Path Traversal.This issue affects KBx P…
Medium
CVE-2024-13945
Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series…
2025-05-22
High
CVE-2024-13931
Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS…
Medium
CVE-2025-4419
The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter. This makes it possible for authenticated attackers, wit…
High
CVE-2025-4123
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend…
High
CVE-2025-3884
Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hu…
High
CVE-2025-3486
Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentica…
2025-05-21
High
CVE-2025-46822
OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path trav…
Medium
CVE-2025-5029
A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Affected by this vulnerability is the function BaseServiceFactor…
2025-05-20
High
CVE-2025-41229
VMware Cloud Foundation contains a directory traversal vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain internal se…
2025-05-19
Medium
CVE-2025-3223
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova WorkstationST on Windows (EGD Configuration Server modules) allows Path Traversal.This issue…
Medium
CVE-2025-46441
Path Traversal: '.../...//' vulnerability in ctltwp Section Widget section-widget allows Path Traversal.This issue affects Section Widget: from n/a through <= 3.3.1.
Critical
CVE-2025-32926
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Path Traversal.This issue affects Grand Restaurant:…
High
CVE-2025-27010
Path Traversal: '.../...//' vulnerability in bslthemes Tastyc tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a through < 2.5.2.
Low
CVE-2025-27566
Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploi…
Medium
CVE-2025-4912
A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/core/up…
2025-05-18
Medium
CVE-2025-4898
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects the function unlink of the file update_system.php of the…
Medium
CVE-2025-4893
A vulnerability classified as critical has been found in jammy928 CoinExchange_CryptoExchange_Java up to 8adf508b996020d3efbeeb2473d7235bd01436fa. This affects the function uploadLocalImage of the fi…
Medium
CVE-2025-4868
A vulnerability was found in merikbest ecommerce-spring-reactjs up to 464e610bb11cc2619cf6ce8212ccc2d1fd4277fd. It has been rated as critical. Affected by this issue is some unknown functionality of…
2025-05-17
High
CVE-2025-47273
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to versi…
2025-05-16
High
CVE-2025-39492
Path Traversal vulnerability in WHMPress WHMpress allows Relative Path Traversal. This issue affects WHMpress: from 6.2 through revision.
High
CVE-2025-39491
Path Traversal vulnerability in WHMPress WHMpress allows Path Traversal. This issue affects WHMpress: from 6.2 through revision.
High
CVE-2025-40629
PNETLab 4.2.10 does not properly sanitize user inputs in its file access mechanisms. This allows attackers to perform directory traversal by manipulating file paths in HTTP requests. Specifically, th…
High
CVE-2025-2305
A Path traversal vulnerability in the file download functionality was identified. This vulnerability allows unauthenticated users to download arbitrary files, in the context of the application server…
2025-05-15
Medium
CVE-2025-4720
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file academic/core/drop_student.php.…
Critical
CVE-2025-47788
Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the `$target` parameter in `/controller.php` was not properly validated, which could all…
2025-05-14
High
CVE-2025-47445
Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through <= 4.0.26.
2025-05-13
Medium
CVE-2025-43566
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary f…
Critical
CVE-2025-30387
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network.
Critical
CVE-2025-31493
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `collection()` helper or `$kirby->collection(…
High
CVE-2025-30207
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in server. Such setups are commonly…
High
CVE-2024-48766
NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in t…
Critical
CVE-2025-30159
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `snippet()` helper or `$kirby->snippet()` met…
Medium
CVE-2025-22859
A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited ar…
Medium
CVE-2025-40573
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local…
2025-05-12
High
CVE-2024-4982
A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server.
2025-05-11
Medium
CVE-2025-4545
A vulnerability was found in CTCMS Content Management System 2.1.2. It has been classified as critical. Affected is the function del of the file ctcms\apps\controllers\admin\Tpl.php of the component…
Medium
CVE-2025-4530
A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. It has been declared as problematic. Affected by this vulnerability is the function handleFileDownload of the file File…
Medium
CVE-2025-4529
A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been classified as problematic. Affected is the function Download of the file seeyon\opt\Seeyon\A8\ApacheJetspeed…
2025-05-10
Medium
CVE-2025-4511
A vulnerability was found in vector4wang spring-boot-quick up to 20250422. It has been rated as critical. This issue affects the function ResponseEntity of the file /spring-boot-quick-master/quick-im…
2025-05-09
High
CVE-2025-4377
Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server. This vulnerability is present in logview.php and it allows reading arbitrary files on the f…
2025-05-08
High
CVE-2024-6648
Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing t…
2025-05-07
Medium
CVE-2025-47423
Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by re…
High
CVE-2025-32820
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable.
High
CVE-2025-32819
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to fact…
Critical
CVE-2025-20188
A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLC…
Medium
CVE-2025-20187
A vulnerability in the application data endpoints of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to write arbitrary files to an affecte…
High
CVE-2025-47649
Path Traversal: '.../...//' vulnerability in StackWC Open Close WooCommerce Store woc-open-close allows PHP Local File Inclusion.This issue affects Open Close WooCommerce Store: from n/a through <= 4…
High
CVE-2025-47636
Path Traversal: '.../...//' vulnerability in Fernando Briano List category posts list-category-posts allows PHP Local File Inclusion.This issue affects List category posts: from n/a through <= 0.91.0.
Medium
CVE-2025-20949
Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allows attackers to read and write arbitrary file with the privilege of Samsung Members.
2025-05-06
Low
CVE-2025-22479
Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. An unauthenticated attacker…
Medium
CVE-2025-4329
A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the ar…
2025-05-05
Medium
CVE-2025-45239
An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal.
High
CVE-2025-27920
Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside…
2025-05-02
Medium
CVE-2025-4186
A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 2024. Affected is an unknown function of the file /?g=route_ispinfo_export_save. The manipulation of the argument…
Medium
CVE-2025-4185
A vulnerability, which was classified as critical, has been found in Wangshen SecGate 3600 2024. This issue affects some unknown processing of the file ?g=obj_area_export_save. The manipulation of th…
2025-05-01
Medium
CVE-2025-4178
A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical. This issue affects some unknown processing of the file /src/…
Medium
CVE-2025-4175
A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file /Spring-Boot-Advanc…
Critical
CVE-2025-32011
KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a remote attacker can bypass authentication to get access due to a path traversal.
2025-04-30
High
CVE-2025-27409
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, path traversal is possible in Joplin Server…
2025-04-29
Medium
CVE-2025-4078
A vulnerability, which was classified as problematic, has been found in Wangshen SecGate 3600 2400. This issue affects some unknown processing of the file ?g=log_export_file. The manipulation of the…