Total
7645 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-39040 | 1 Aenrich | 1 A\+hrd | 2025-04-10 | 7.5 High |
| aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | ||||
| CVE-2021-29100 | 1 Esri | 1 Arcgis Earth | 2025-04-10 | 7.8 High |
| A path traversal vulnerability exists in Esri ArcGIS Earth versions 1.11.0 and below which allows arbitrary file creation on an affected system through crafted input. An attacker could exploit this vulnerability to gain arbitrary code execution under security context of the user running ArcGIS Earth by inducing the user to upload a crafted file to an affected system. | ||||
| CVE-2021-29101 | 1 Esri | 1 Arcgis Geoevent Server | 2025-04-10 | 7.5 High |
| ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only directory path traversal vulnerability that could allow an unauthenticated, remote attacker to perform directory traversal attacks and read arbitrary files on the system. | ||||
| CVE-2022-38196 | 1 Esri | 1 Arcgis Server | 2025-04-10 | 6.5 Medium |
| Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated attacker to overwrite internal ArcGIS Server directory. | ||||
| CVE-2022-38202 | 1 Esri | 1 Arcgis Server | 2025-04-10 | 7.5 High |
| There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker traverse the file system to access files outside of the intended directory on ArcGIS Server. This could lead to the disclosure of sensitive site configuration information (not user datasets). | ||||
| CVE-2022-38205 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | 8.6 High |
| In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data (not customer-published content). | ||||
| CVE-2024-54148 | 1 Gogs | 1 Gogs | 2025-04-10 | 9.8 Critical |
| Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1. | ||||
| CVE-2024-55947 | 1 Gogs | 1 Gogs | 2025-04-10 | 8.8 High |
| Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1. | ||||
| CVE-2023-40496 | 1 Lg | 1 Simple Editor | 2025-04-10 | 7.5 High |
| LG Simple Editor copyStickerContent Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copyStickerContent command. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. . Was ZDI-CAN-19923. | ||||
| CVE-2023-40497 | 1 Lg | 1 Simple Editor | 2025-04-10 | 9.8 Critical |
| LG Simple Editor saveXml Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the saveXml command implemented in the makeDetailContent method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19924. | ||||
| CVE-2023-40498 | 1 Lg | 1 Simple Editor | 2025-04-10 | 9.8 Critical |
| LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the cp command implemented in the makeDetailContent method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19925. | ||||
| CVE-2023-40499 | 1 Lg | 1 Simple Editor | 2025-04-10 | 9.1 Critical |
| LG Simple Editor mkdir Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mkdir command implemented in the makeDetailContent method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. . Was ZDI-CAN-19926. | ||||
| CVE-2023-40502 | 1 Lg | 1 Simple Editor | 2025-04-10 | 9.1 Critical |
| LG Simple Editor cropImage Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the cropImage command. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. . Was ZDI-CAN-19951. | ||||
| CVE-2023-40508 | 1 Lg | 1 Simple Editor | 2025-04-10 | 9.1 Critical |
| LG Simple Editor putCanvasDB Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the putCanvasDB method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. . Was ZDI-CAN-20010. | ||||
| CVE-2023-40509 | 1 Lg | 1 Simple Editor | 2025-04-10 | 9.1 Critical |
| LG Simple Editor deleteCanvas Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the deleteCanvas method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. . Was ZDI-CAN-20011. | ||||
| CVE-2023-40514 | 1 Lg | 1 Simple Editor | 2025-04-10 | 6.5 Medium |
| LG Simple Editor FileManagerController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getImageByFilename method in the FileManagerController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. . Was ZDI-CAN-20016. | ||||
| CVE-2023-40513 | 1 Lg | 1 Simple Editor | 2025-04-10 | 6.5 Medium |
| LG Simple Editor UserManageController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getImageByFilename method in the UserManageController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. . Was ZDI-CAN-20015. | ||||
| CVE-2023-40512 | 1 Lg | 1 Simple Editor | 2025-04-10 | 6.5 Medium |
| LG Simple Editor PlayerController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getImageByFilename method in the PlayerController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. . Was ZDI-CAN-20014. | ||||
| CVE-2024-5882 | 1 Webcodingplace | 1 Ultimate Classified Listings | 2025-04-10 | 7.5 High |
| The Ultimate Classified Listings WordPress plugin before 1.3 does not validate the `ucl_page` and `layout` parameters allowing unauthenticated users to access PHP files on the server from the listings page | ||||
| CVE-2019-25099 | 1 Afkmods | 1 Qsf-portal | 2025-04-10 | 5.5 Medium |
| A vulnerability classified as critical was found in Arthmoor QSF-Portal. This vulnerability affects unknown code of the file index.php. The manipulation of the argument a leads to path traversal. The patch is identified as ea4f61e23ecb83247d174bc2e2cbab521c751a7d. It is recommended to apply a patch to fix this issue. VDB-217558 is the identifier assigned to this vulnerability. | ||||