CVE Daily
← All tags

Tag: Path Traversal

All CVEs associated with "Path Traversal". Page 2/2 • 214 CVEs.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-07-07
High

CVE-2025-6797

Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installa…

CVSS: 7.5 CWE: CWE-22
Read more
High

CVE-2025-6796

Marvell QConvergeConsole getAppFileBytes Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installatio…

CVSS: 7.5 CWE: CWE-22
Read more
High

CVE-2025-6795

Marvell QConvergeConsole getFileUploadSize Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installat…

CVSS: 7.5 CWE: CWE-22
Read more
Critical

CVE-2025-6794

Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell…

CVSS: 9.8 CWE: CWE-22
Read more
Critical

CVE-2025-6793

Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability. This vulnerability allows remote attackers to delete arbitrary files…

CVSS: 9.4 CWE: CWE-22
Read more
High

CVE-2025-6209

A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`. This vulnerability allows an at…

CVSS: 7.5 CWE: CWE-29
Read more
Medium

CVE-2025-6210

A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass p…

CVSS: 6.2 CWE: CWE-22
Read more
2025-07-06
Medium

CVE-2025-7098

A vulnerability, which was classified as critical, was found in Comodo Internet Security Premium 12.3.4.8162. Affected is an unknown function of the component File Name Handler. The manipulation of t…

CVSS: 5.6 CWE: CWE-22
Read more
2025-06-25
High

CVE-2025-6445

ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interact…

CVSS: 8.1 CWE: CWE-22
Read more
2025-06-18
Medium

CVE-2025-5981

Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI fl…

CVSS: 6.5 CWE: CWE-427
Read more
2025-06-12
High

CVE-2025-4613

Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad t…

CVSS: 8.8 CWE: CWE-20
Read more
2025-06-06
High

CVE-2025-3485

Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authenti…

CVSS: 8.8 CWE: CWE-22
Read more
2025-06-04
Low

CVE-2025-20277

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability,…

CVSS: 3.4 CWE: CWE-22
Read more
2025-05-22
Medium

CVE-2025-4419

The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter. This makes it possible for authenticated attackers, wit…

CVSS: 4.3 CWE: CWE-22
Read more
High

CVE-2025-4123

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend…

CVSS: 7.6 CWE: CWE-79
Read more
High

CVE-2025-3884

Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hu…

CVSS: 7.5 CWE: CWE-22
Read more
High

CVE-2025-3486

Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentica…

CVSS: 8.8 CWE: CWE-22
Read more
2025-05-14
High

CVE-2025-47445

Relative Path Traversal vulnerability in Themewinter Eventin allows Path Traversal.This issue affects Eventin: from n/a through 4.0.26.

CVSS: 7.5 CWE: CWE-23
Read more
2025-05-13
Medium

CVE-2025-22859

A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited ar…

CVSS: 5.3 CWE: CWE-23
Read more
2025-05-12
High

CVE-2024-4982

A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server.

CVSS: 7.6 CWE: CWE-22
Read more
2025-05-07
Medium

CVE-2025-20187

A vulnerability in the application data endpoints of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to write arbitrary files to an affecte…

CVSS: 6.5 CWE: CWE-22
Read more
Medium

CVE-2025-20949

Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allows attackers to read and write arbitrary file with the privilege of Samsung Members.

CVSS: 5.1 CWE: CWE-22
Read more
2025-04-08
High

CVE-2025-25254

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, 7.2 all versions, 7.0 all versio…

CVSS: 7.2 CWE: CWE-22
Read more
2025-04-03
Critical

CVE-2025-22927

An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.

CVSS: 9.1 CWE: CWE-22
Read more
2025-04-02
High

CVE-2025-22923

An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal and delete files by sending a crafted POST request to /Modules.php?modname=users/Staff.php&removefile.

CVSS: 8.8 CWE: CWE-22
Read more
Critical

CVE-2023-40714

A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements

CVSS: 9.9 CWE: CWE-23
Read more
2025-03-25
Medium

CVE-2025-2744

A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected is an unknown function of the file /admin-api/mp/material/upload-news-image of the componen…

CVSS: 5.4 CWE: CWE-22
Read more
Medium

CVE-2025-2742

A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. This vulnerability affects unknown code of the file /admin-api/mp/material/upload-permanent of the component Mat…

CVSS: 5.4 CWE: CWE-22
Read more
2025-03-24
Medium

CVE-2025-2707

A vulnerability, which was classified as critical, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this issue is some unknown functionality of the file /app-api/infra/file/upload of…

CVSS: 5.4 CWE: CWE-22
Read more
2025-03-20
High

CVE-2024-9415

A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. This vulnerability allows an attacker to upload an arbitrary file to the server,…

CVSS: 8.8 CWE: CWE-22
Read more
High

CVE-2024-8859

A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary fil…

CVSS: 7.5 CWE: CWE-29
Read more
Critical

CVE-2024-8551

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write…

CVSS: 9.1 CWE: CWE-23
Read more
Critical

CVE-2024-8537

A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete a…

CVSS: 9.1 CWE: CWE-29
Read more
High

CVE-2024-8438

A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint `/api/file` does not properly sanitize the `path` parameter, allowing an attacker to read arbitrary fi…

CVSS: 7.5 CWE: CWE-22
Read more
High

CVE-2024-8248

A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. This can…

CVSS: 7.2 CWE: CWE-29
Read more
High

CVE-2024-7034

In open-webui version 0.3.8, the endpoint `/models/upload` is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of `file_…

CVSS: 7.2 CWE: CWE-22
Read more
Medium

CVE-2024-6583

A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path…

CVSS: 4.3 CWE: CWE-23
Read more
Medium

CVE-2024-6483

A vulnerability in the `runs/delete-batch` endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversa…

CVSS: 5.3 CWE: CWE-23
Read more
High

CVE-2024-12389

A path traversal vulnerability exists in binary-husky/gpt_academic version git 310122f. The application supports the extraction of user-provided 7z files without proper validation. The Python py7zr p…

CVSS: 8.8 CWE: CWE-29
Read more
High

CVE-2024-11170

A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of file paths by the multer middleware. This can lead to arbitrary file write and p…

CVSS: 8.8 CWE: CWE-29
Read more
Medium

CVE-2024-11037

A path traversal vulnerability exists in binary-husky/gpt_academic at commit 679352d, which allows an attacker to bypass the blocked_paths protection and read the config.py file containing sensitive…

CVSS: 6.5 CWE: CWE-22
Read more
High

CVE-2024-10986

GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.org. Despite implementi…

CVSS: 8.8 CWE: CWE-20
Read more
Critical

CVE-2024-10902

In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /v1/personal/agent/upload` is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to upl…

CVSS: 9.8 CWE: CWE-73
Read more
Critical

CVE-2024-10833

eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowi…

CVSS: 9.1 CWE: CWE-22
Read more
Critical

CVE-2024-10831

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations…

CVSS: 9.1 CWE: CWE-36
Read more
High

CVE-2024-10830

A Path Traversal vulnerability exists in the eosphoros-ai/db-gpt version 0.6.0 at the API endpoint `/v1/resource/file/delete`. This vulnerability allows an attacker to delete any file on the server b…

CVSS: 8.2 CWE: CWE-22
Read more
High

CVE-2024-10513

A path traversal vulnerability exists in the 'document uploads manager' feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. This vulnerability allows users with the 'm…

CVSS: 7.2 CWE: CWE-23
Read more
2025-03-19
High

CVE-2025-27787

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to denial of service (DoS) in restart.py. `model_name` in train.py takes user input, and passes it to the `stop_train…

CVSS: 7.5 CWE: CWE-22
Read more
2025-03-18
High

CVE-2025-2449

NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of NI Fle…

CVSS: 8.8 CWE: CWE-22
Read more
2025-03-11
Medium

CVE-2024-55597

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted…

CVSS: 5.5 CWE: CWE-22
Read more
2025-02-11
Medium

CVE-2024-36508

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyz…

CVSS: 6.0 CWE: CWE-22
Read more
Medium

CVE-2024-11771

Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.

CVSS: 5.3 CWE: CWE-22
Read more
2025-01-14
Medium

CVE-2024-12088

A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it…

CVSS: 6.5 CWE: CWE-22
Read more
Medium

CVE-2024-12087

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even…

CVSS: 6.5 CWE: CWE-22
Read more
High

CVE-2024-48884

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.…

CVSS: 7.5 CWE: CWE-22
Read more
2025-01-03
High

CVE-2024-56324

GoCD is a continuous deliver server. GoCD versions prior to 24.4.0 can allow GoCD "group admins" to abuse ability to edit the raw XML configuration for groups they administer to trigger XML External…

CVSS: 7.1 CWE: CWE-611
Read more
2024-12-31
Medium

CVE-2024-56213

Path Traversal: '.../...//' vulnerability in Themewinter Eventin allows Path Traversal.This issue affects Eventin: from n/a through 4.0.7.

CVSS: 6.5 CWE: CWE-35
Read more
2024-12-30
High

CVE-2024-11944

iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat…

CVSS: 8.8 CWE: CWE-22
Read more
2024-12-04
High

CVE-2024-11398

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticate…

CVSS: 8.1 CWE: CWE-22
Read more
2024-11-27
Medium

CVE-2024-11219

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.0.6 via the get_image functio…

CVSS: 5.3 CWE: CWE-22
Read more
2024-11-22
High

CVE-2024-5581

Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is…

CVSS: 7.2 CWE: CWE-22
Read more
2024-11-18
Medium

CVE-2021-1465

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a directory traversal attack and obtain read access to…

CVSS: 4.3 CWE: CWE-20
Read more
Medium

CVE-2021-1132

A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data. T…

CVSS: 5.3 CWE: CWE-35
Read more
Medium

CVE-2020-3538

A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affecte…

CVSS: 4.6 CWE: CWE-20
Read more
High

CVE-2020-26073

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is…

CVSS: 7.5 CWE: CWE-35
Read more
2024-11-15
Medium

CVE-2022-20656

A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To e…

CVSS: 6.5 CWE: CWE-24
Read more
2024-11-10
High

CVE-2024-46954

An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal.

CVSS: 7.8 CWE: CWE-22
Read more
2024-11-04
High

CVE-2024-10389

There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). This allows Attackers to Write Arbitrary Files via Archive Extraction containin…

CVSS: 7.5 CWE: CWE-427
Read more
2024-10-11
Medium

CVE-2024-6971

A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the `lollms_file_system.py` file. The functions `add_rag_database`, `toggle_mount_rag_database`, and `ve…

CVSS: 4.4 CWE: CWE-22
Read more
2024-07-15
Medium

CVE-2024-39826

Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access.

CVSS: 6.8 CWE: CWE-367
Read more
2024-06-27
High

CVE-2024-6090

A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any f…

CVSS: 7.5 CWE: CWE-400
Read more
Critical

CVE-2024-5980

A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with th…

CVSS: 9.8 CWE: CWE-434
Read more
High

CVE-2024-5548

A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Attackers can exploit this vulnerability by manipulating the 'pr…

CVSS: 7.5 CWE: CWE-22
Read more
High

CVE-2024-5547

A directory traversal vulnerability exists in the /api/download-project-pdf endpoint of the stitionai/devika repository, affecting the latest version. The vulnerability arises due to insufficient san…

CVSS: 7.5 CWE: CWE-23
Read more
2024-06-12
High

CVE-2024-5211

A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the `normalizePath()` function, intended to defend against path traversal attacks. This vulnerability enables…

CVSS: 7.2 CWE: CWE-29
Read more
2024-05-07
High

CVE-2022-0369

Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected inst…

CVSS: 8.8 CWE: CWE-22
Read more
2024-05-03
High

CVE-2023-44451

Linux Mint Xreader EPUB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux M…

CVSS: 7.8 CWE: CWE-22
Read more
High

CVE-2023-42130

A10 Thunder ADC FileMgmtExport Directory Traversal Arbitrary File Read and Deletion Vulnerability. This vulnerability allows remote attackers to read and delete arbitrary files on affected installati…

CVSS: 8.8 CWE: CWE-22
Read more
Medium

CVE-2023-42129

A10 Thunder ADC ShowTechDownloadView Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations o…

CVSS: 6.5 CWE: CWE-22
Read more
High

CVE-2023-42033

Visualware MyConnection Server doPostUploadfiles Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installation…

CVSS: 7.2 CWE: CWE-22
Read more
Medium

CVE-2023-41181

LG SuperSign Media Editor getSubFolderList Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installat…

CVSS: 5.3 CWE: CWE-22
Read more
High

CVE-2023-40517

LG SuperSign Media Editor ContentRestController getObject Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on aff…

CVSS: 7.5 CWE: CWE-22
Read more
High

CVE-2023-34298

Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secu…

CVSS: 7.8 CWE: CWE-22
Read more
High

CVE-2023-32177

VIPRE Antivirus Plus DeleteHistoryFile Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPR…

CVSS: 7.8 CWE: CWE-22
Read more
High

CVE-2023-32176

VIPRE Antivirus Plus SetPrivateConfig Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPR…

CVSS: 7.8 CWE: CWE-22
Read more
High

CVE-2023-32166

D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of D-Link D-View. Au…

CVSS: 8.1 CWE: CWE-22
Read more
Critical

CVE-2023-32165

D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link…

CVSS: 9.8 CWE: CWE-22
Read more
High

CVE-2023-32164

D-Link D-View TftpSendFileThread Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-…

CVSS: 7.5 CWE: CWE-22
Read more
High

CVE-2023-27326

Parallels Desktop Toolgate Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Deskto…

CVSS: 8.2 CWE: CWE-22
Read more
2024-04-16
High

CVE-2024-3571

langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can lever…

CVSS: 8.8 CWE: CWE-22
Read more
2024-04-10
Critical

CVE-2024-2221

qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. T…

CVSS: 9.8 CWE: CWE-434
Read more
2024-03-26
High

CVE-2024-28442

Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via terms of use function in the company portal component.

CVSS: 7.5 CWE: CWE-200
Read more
2020-04-13
High

CVE-2020-11738

The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.

CVSS: 7.5 CWE: CWE-22
Read more
2016-12-09
High

CVE-2016-6321

Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files v…

CVSS: 7.5 CWE: CWE-22
Read more