Total
91 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-39470 | 2025-04-21 | 8.1 High | ||
| Path Traversal: '.../...//' vulnerability in ThimPress Ivy School allows PHP Local File Inclusion.This issue affects Ivy School: from n/a through 1.6.0. | ||||
| CVE-2025-24908 | 2025-04-17 | 6.8 Medium | ||
| Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. (CWE-35) Description Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.2, including 9.3.x and 8.3.x, do not sanitize a user input used as a file path through the UploadFile service. Impact This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory. | ||||
| CVE-2025-24907 | 2025-04-17 | 6.8 Medium | ||
| Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. (CWE-35) Description Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.2, including 9.3.x and 8.3.x, do not sanitize a user input used as a file path through the CGG Draw API. Impact This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory. | ||||
| CVE-2025-30966 | 2025-04-16 | 5.4 Medium | ||
| Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a. | ||||
| CVE-2025-39598 | 2025-04-16 | 4.9 Medium | ||
| Path Traversal vulnerability in Quý Lê 91 Administrator Z allows Path Traversal. This issue affects Administrator Z: from n/a through 2025.03.28. | ||||
| CVE-2025-32585 | 2025-04-11 | 7.5 High | ||
| Path Traversal vulnerability in Trusty Plugins Shop Products Filter allows PHP Local File Inclusion. This issue affects Shop Products Filter: from n/a through 1.2. | ||||
| CVE-2022-36928 | 1 Zoom | 1 Zoom | 2025-04-09 | 6.1 Medium |
| Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third party app could exploit this vulnerability to read and write to the Zoom application data directory. | ||||
| CVE-2025-30014 | 2025-04-08 | 7.7 High | ||
| SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don�t have access to, hence causing a high impact on confidentiality. Integrity and Availability are not affected. | ||||
| CVE-2024-2863 | 1 Lg | 1 Lg Led Assistant | 2025-04-04 | 5.3 Medium |
| This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant. | ||||
| CVE-2022-3693 | 1 Fileorbis | 1 Fileorbis | 2025-04-04 | 7.5 High |
| Path Traversal vulnerability in Deytek Informatics FileOrbis File Management System allows Path Traversal.This issue affects FileOrbis File Management System: from unspecified before 10.6.3. | ||||
| CVE-2025-30834 | 2025-04-01 | 7.5 High | ||
| Path Traversal vulnerability in Bit Apps Bit Assist allows Path Traversal. This issue affects Bit Assist: from n/a through 1.5.4. | ||||
| CVE-2024-54362 | 2025-03-28 | 8.1 High | ||
| Path Traversal vulnerability in NotFound GetShop ecommerce allows Path Traversal. This issue affects GetShop ecommerce: from n/a through 1.3. | ||||
| CVE-2025-0858 | 2025-03-27 | N/A | ||
| A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in certain Poly devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure. | ||||
| CVE-2025-26935 | 1 Wpjobportal | 1 Wp Job Portal | 2025-03-25 | 7.5 High |
| Path Traversal vulnerability in wpjobportal WP Job Portal allows PHP Local File Inclusion. This issue affects WP Job Portal: from n/a through 2.2.8. | ||||
| CVE-2024-2654 | 1 Filemanagerpro | 1 File Manager | 2025-03-24 | 6.8 Medium |
| The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information. | ||||
| CVE-2025-26940 | 2025-03-18 | 6.3 Medium | ||
| Path Traversal vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2. | ||||
| CVE-2024-12088 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-03-15 | 6.5 Medium |
| A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory. | ||||
| CVE-2024-12087 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-03-15 | 6.5 Medium |
| A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client. | ||||
| CVE-2024-47170 | 1 Agnai | 1 Agnai | 2025-03-12 | 4.3 Medium |
| Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information and exposure of confidential configuration files. This only affects installations with `JSON_STORAGE` enabled which is intended to local/self-hosting only. Version 1.0.330 fixes this issue. | ||||
| CVE-2025-25122 | 2025-03-03 | 8.1 High | ||
| Path Traversal vulnerability in NotFound WizShop allows PHP Local File Inclusion. This issue affects WizShop: from n/a through 3.0.2. | ||||