| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by editing the workspace path. |
| ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later.
|
| A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. This affects an unknown part of the file WebIMController.java of the component File Upload. The manipulation of the argument ID leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution (RCE). The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside the designated storage directory. This can be abused to overwrite critical system files, including cron jobs and systemd services, leading to privilege escalation and remote code execution as root. This issue is fixed in version 0.5.0b3.dev90. |
| IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path separator. This occurs because the check relies on a raw string prefix comparison. This is fixed in versions 1.3.2, 2.1.1 and 3.1.1. |
| A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a Cross-Site Scripting (XSS) attack. |
| A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An authenticated user with limited privileges, by issuing a specifically-crafted request, can potentially alter the structure and content of files in the /data folder, and/or affect their availability. |
| A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server. |
| Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of directory traversal in os.path.join() and lack of path validation in get_root_input_dir(). |
| The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion (via renaming) due to insufficient file path validation in the set_user_profile_image function in all versions up to, and including, 6.6.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). |
| A flaw has been found in Four-Faith Water Conservancy Informatization Platform 1.0. This affects an unknown function of the file /sysRole/index.do/../../generalReport/download.do;usrlogout.do.do. Executing manipulation of the argument fileName can lead to path traversal. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later |
| CISA Thorium does not adequately validate the paths of downloaded files via 'download_ephemeral' and 'download_children'. A remote, authenticated attacker could access arbitrary files subject to file system permissions. Fixed in 1.1.2. |
| A directory traversal issue in Swetrix Web Analytics API 3.1.1 before 7d8b972 allows a remote attacker to achieve Remote Code Execution via a crafted HTTP request. |
| ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution by an attacker. The victim must have optional configurations enabled. Scope is changed. |
| In the Linux kernel, the following vulnerability has been resolved:
netlink: fix false positive warning in extack during dumps
Commit under fixes extended extack reporting to dumps.
It works under normal conditions, because extack errors are
usually reported during ->start() or the first ->dump(),
it's quite rare that the dump starts okay but fails later.
If the dump does fail later, however, the input skb will
already have the initiating message pulled, so checking
if bad attr falls within skb->data will fail.
Switch the check to using nlh, which is always valid.
syzbot found a way to hit that scenario by filling up
the receive queue. In this case we initiate a dump
but don't call ->dump() until there is read space for
an skb.
WARNING: CPU: 1 PID: 5845 at net/netlink/af_netlink.c:2210 netlink_ack_tlv_fill+0x1a8/0x560 net/netlink/af_netlink.c:2209
RIP: 0010:netlink_ack_tlv_fill+0x1a8/0x560 net/netlink/af_netlink.c:2209
Call Trace:
<TASK>
netlink_dump_done+0x513/0x970 net/netlink/af_netlink.c:2250
netlink_dump+0x91f/0xe10 net/netlink/af_netlink.c:2351
netlink_recvmsg+0x6bb/0x11d0 net/netlink/af_netlink.c:1983
sock_recvmsg_nosec net/socket.c:1051 [inline]
sock_recvmsg+0x22f/0x280 net/socket.c:1073
__sys_recvfrom+0x246/0x3d0 net/socket.c:2267
__do_sys_recvfrom net/socket.c:2285 [inline]
__se_sys_recvfrom net/socket.c:2281 [inline]
__x64_sys_recvfrom+0xde/0x100 net/socket.c:2281
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff37dd17a79 |
| Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions. |
| Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebook_path field of ExternalNotebookData requests, bypassing the intended extension-based check. |
| A flaw has been found in DataTables up to 1.10.13. The affected element is an unknown function of the file /examples/resources/examples.php. This manipulation of the argument src causes path traversal. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 1.10.15 is sufficient to fix this issue. Patch name: 3b24f99ac4ddb7f9072076b0d07f0b1a408f177a. Upgrading the affected component is advised. This vulnerability was initially reported for code-projects Faculty Management System but appears to affect DataTables as an upstream component instead. The vendor of DataTables explains: "I would suggest that the author upgrade to the latest versions of DataTables (actually, they shouldn't really be deploying that file to their own server at all - it is only relevant for the DataTables examples)." |
| A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
Qsync Central 5.0.0.1 ( 2025/07/09 ) and later |
