Total
7633 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-46987 | 1 Tuzitio | 1 Camaleon Cms | 2025-04-17 | 7.7 High |
| Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-20804 | 1 Samsung | 2 Android, Myfiles | 2025-04-17 | 4 Medium |
| Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file. | ||||
| CVE-2024-46986 | 1 Tuzitio | 1 Camaleon Cms | 2025-04-17 | 10 Critical |
| Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2022-46137 | 1 Aerocms Project | 1 Aerocms | 2025-04-17 | 7.5 High |
| AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1. | ||||
| CVE-2023-42232 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 7.5 High |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Navigator/Index function. | ||||
| CVE-2023-42229 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 6.5 Medium |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal. Arbitrary files can be created on the system via authenticated SOAP requests to the WSConnector service. | ||||
| CVE-2023-42227 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 7.5 High |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the WSCView/Save function. | ||||
| CVE-2023-42226 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 7.5 High |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via Email/SaveAttachment function. | ||||
| CVE-2023-42225 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 7.5 High |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Attachment/DownloadTempFile function. | ||||
| CVE-2024-0341 | 1 Inis Project | 1 Inis | 2025-04-17 | 3.5 Low |
| A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Request Handler. The manipulation of the argument path leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The identifier VDB-250109 was assigned to this vulnerability. | ||||
| CVE-2021-22650 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2025-04-17 | 7.5 High |
| An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution. | ||||
| CVE-2025-24406 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-17 | 7.5 High |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this vulnerability to modify files that are stored outside the restricted directory. Exploitation of this issue does not require user interaction. | ||||
| CVE-2023-37932 | 1 Fortinet | 1 Fortivoice | 2025-04-17 | 6.2 Medium |
| An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests | ||||
| CVE-2022-41418 | 1 Blogengine | 1 Blogengine.net | 2025-04-17 | 7.2 High |
| An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. | ||||
| CVE-2022-23530 | 1 Datadoghq | 1 Guarddog | 2025-04-17 | 5.8 Medium |
| GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive() from a potentially malicious tarball without validating that the destination file path is within the intended destination directory can cause files outside the destination directory to be overwritten. This issue is patched in version 0.1.8. Potential workarounds include using a safer module, like zipfile, and validating the location of the extracted files and discarding those with malicious paths. | ||||
| CVE-2022-23531 | 1 Datadoghq | 1 Guarddog | 2025-04-17 | 5.8 Medium |
| GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the tarfile.TarFile.extractall function. This issue is patched in version 0.1.5. | ||||
| CVE-2022-4063 | 1 Pluginus | 1 Inpost Gallery | 2025-04-17 | 9.8 Critical |
| The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. | ||||
| CVE-2021-46856 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-17 | 7.5 High |
| The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2022-40607 | 2 Ibm, Linux | 2 Spectrum Scale, Linux Kernel | 2025-04-17 | 6.8 Medium |
| IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740. | ||||
| CVE-2024-46644 | 1 Enms | 1 Enms | 2025-04-16 | 6.5 Medium |
| eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via edit_file. | ||||