Total
7192 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2943 | 1 Connekthq | 1 Ajax Load More | 2025-05-05 | 4.9 Medium |
| The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the alm_repeaters_export() function. This makes it possible for authenticated attackers, with administrative privileges, to download arbitrary files hosted on the server that may contain sensitive content, such as the wp-config.php file. | ||||
| CVE-2022-23602 | 1 Nim-lang | 2 Docutils, Nimforum | 2025-05-05 | 7.7 High |
| Nimforum is a lightweight alternative to Discourse written in Nim. In versions prior to 2.2.0 any forum user can create a new thread/post with an include referencing a file local to the host operating system. Nimforum will render the file if able. This can also be done silently by using NimForum's post "preview" endpoint. Even if NimForum is running as a non-critical user, the forum.json secrets can be stolen. Version 2.2.0 of NimForum includes patches for this vulnerability. Users are advised to upgrade as soon as is possible. There are no known workarounds for this issue. | ||||
| CVE-2020-35460 | 2 Mpxj, Oracle | 2 Mpxj, Primavera Unifier | 2025-05-05 | 5.3 Medium |
| common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations. | ||||
| CVE-2023-39143 | 2 Microsoft, Papercut | 3 Windows, Papercut Mf, Papercut Ng | 2025-05-05 | 9.8 Critical |
| PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration). | ||||
| CVE-2023-26802 | 1 Dcnglobal | 2 Dcbi-netlog-lab, Dcbi-netlog-lab Firmware | 2025-05-05 | 9.8 Critical |
| An issue in the component /network_config/nsg_masq.cgi of DCN (Digital China Networks) DCBI-Netlog-LAB v1.0 allows attackers to bypass authentication and execute arbitrary commands via a crafted request. | ||||
| CVE-2022-40742 | 1 Softnext | 1 Mail Sqr Expert | 2025-05-05 | 6.5 Medium |
| Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability. | ||||
| CVE-2025-30290 | 1 Adobe | 1 Coldfusion | 2025-05-05 | 8.7 High |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to access files and directories that are stored outside the intended restricted directory. Exploitation of this issue requires user interaction. | ||||
| CVE-2023-38951 | 1 Zkteco | 1 Biotime | 2025-05-05 | 9.8 Critical |
| A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files via using a malicious SFTP configuration. | ||||
| CVE-2023-38950 | 1 Zkteco | 1 Biotime | 2025-05-05 | 7.5 High |
| A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. | ||||
| CVE-2021-39316 | 1 Digitalzoomstudio | 1 Zoomsounds | 2025-05-05 | 7.5 High |
| The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter. | ||||
| CVE-2023-41747 | 2 Acronis, Microsoft | 2 Cloud Manager, Windows | 2025-05-05 | 6.5 Medium |
| Sensitive information disclosure due to unauthenticated path traversal. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | ||||
| CVE-2022-4244 | 2 Codehaus-plexus, Redhat | 23 Plexus-utils, A Mq Clients, Amq Broker and 20 more | 2025-05-05 | 7.5 High |
| A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files. | ||||
| CVE-2024-47742 | 1 Linux | 1 Linux Kernel | 2025-05-04 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple codepaths in the kernel where firmware file names contain string components that are passed through from a device or semi-privileged userspace; the ones I could find (not counting interfaces that require root privileges) are: - lpfc_sli4_request_firmware_update() seems to construct the firmware filename from "ModelName", a string that was previously parsed out of some descriptor ("Vital Product Data") in lpfc_fill_vpd() - nfp_net_fw_find() seems to construct a firmware filename from a model name coming from nfp_hwinfo_lookup(pf->hwinfo, "nffw.partno"), which I think parses some descriptor that was read from the device. (But this case likely isn't exploitable because the format string looks like "netronome/nic_%s", and there shouldn't be any *folders* starting with "netronome/nic_". The previous case was different because there, the "%s" is *at the start* of the format string.) - module_flash_fw_schedule() is reachable from the ETHTOOL_MSG_MODULE_FW_FLASH_ACT netlink command, which is marked as GENL_UNS_ADMIN_PERM (meaning CAP_NET_ADMIN inside a user namespace is enough to pass the privilege check), and takes a userspace-provided firmware name. (But I think to reach this case, you need to have CAP_NET_ADMIN over a network namespace that a special kind of ethernet device is mapped into, so I think this is not a viable attack path in practice.) Fix it by rejecting any firmware names containing ".." path components. For what it's worth, I went looking and haven't found any USB device drivers that use the firmware loader dangerously. | ||||
| CVE-2024-21400 | 1 Microsoft | 1 Confidental Containers | 2025-05-03 | 9 Critical |
| Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | ||||
| CVE-2024-29053 | 1 Microsoft | 1 Defender For Iot | 2025-05-03 | 8.8 High |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | ||||
| CVE-2024-37372 | 2025-05-02 | 3.6 Low | ||
| The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases. | ||||
| CVE-2022-32287 | 1 Apache | 1 Uimaj | 2025-05-02 | 7.5 High |
| A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA Apache UIMA version 3.3.0 and prior versions. Note that PEAR files should never be installed into an UIMA installation from untrusted sources because PEAR archives are executable plugins that will be able to perform any actions with the same privileges as the host Java Virtual Machine. | ||||
| CVE-2022-37906 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-05-02 | 6.5 Medium |
| An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability results in the ability to delete arbitrary files on the underlying operating system. | ||||
| CVE-2022-37865 | 2 Apache, Redhat | 2 Ivy, Camel Spring Boot | 2025-05-02 | 9.1 Critical |
| With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. An archive containing absolute paths or paths that try to traverse "upwards" using ".." sequences can then write files to any location on the local fie system that the user executing Ivy has write access to. Ivy users of version 2.4.0 to 2.5.0 should upgrade to Ivy 2.5.1. | ||||
| CVE-2022-34822 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2025-05-02 | 9.8 Critical |
| Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. | ||||