Total
7150 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-42226 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 7.5 High |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via Email/SaveAttachment function. | ||||
| CVE-2023-42225 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 7.5 High |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Attachment/DownloadTempFile function. | ||||
| CVE-2024-0341 | 1 Inis Project | 1 Inis | 2025-04-17 | 3.5 Low |
| A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Request Handler. The manipulation of the argument path leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The identifier VDB-250109 was assigned to this vulnerability. | ||||
| CVE-2021-22650 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2025-04-17 | 7.5 High |
| An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution. | ||||
| CVE-2025-24406 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-17 | 7.5 High |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this vulnerability to modify files that are stored outside the restricted directory. Exploitation of this issue does not require user interaction. | ||||
| CVE-2023-37932 | 1 Fortinet | 1 Fortivoice | 2025-04-17 | 6.2 Medium |
| An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests | ||||
| CVE-2022-41418 | 1 Blogengine | 1 Blogengine.net | 2025-04-17 | 7.2 High |
| An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. | ||||
| CVE-2022-23530 | 1 Datadoghq | 1 Guarddog | 2025-04-17 | 5.8 Medium |
| GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive() from a potentially malicious tarball without validating that the destination file path is within the intended destination directory can cause files outside the destination directory to be overwritten. This issue is patched in version 0.1.8. Potential workarounds include using a safer module, like zipfile, and validating the location of the extracted files and discarding those with malicious paths. | ||||
| CVE-2022-23531 | 1 Datadoghq | 1 Guarddog | 2025-04-17 | 5.8 Medium |
| GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the tarfile.TarFile.extractall function. This issue is patched in version 0.1.5. | ||||
| CVE-2022-4063 | 1 Pluginus | 1 Inpost Gallery | 2025-04-17 | 9.8 Critical |
| The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. | ||||
| CVE-2021-46856 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-17 | 7.5 High |
| The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2022-40607 | 2 Ibm, Linux | 2 Spectrum Scale, Linux Kernel | 2025-04-17 | 6.8 Medium |
| IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740. | ||||
| CVE-2024-46644 | 1 Enms | 1 Enms | 2025-04-16 | 6.5 Medium |
| eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via edit_file. | ||||
| CVE-2024-46645 | 1 Enms | 1 Enms | 2025-04-16 | 7.5 High |
| eNMS 4.0.0 is vulnerable to Directory Traversal via get_tree_files. | ||||
| CVE-2024-46646 | 1 Enms | 1 Enms | 2025-04-16 | 6.5 Medium |
| eNMS up to 4.7.1 is vulnerable to Directory Traversal via /download/file. | ||||
| CVE-2024-46647 | 1 Enms | 1 Enms | 2025-04-16 | 6.5 Medium |
| eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via upload_files. | ||||
| CVE-2024-46648 | 1 Enms | 1 Enms | 2025-04-16 | 7.5 High |
| eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via scan_folder. | ||||
| CVE-2024-46649 | 1 Enms | 1 Enms | 2025-04-16 | 7.5 High |
| eNMS up to 4.7.1 is vulnerable to Directory Traversal via download/folder. | ||||
| CVE-2025-29213 | 2025-04-16 | 5.5 Medium | ||
| A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file. | ||||
| CVE-2022-41591 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-16 | 7.5 High |
| The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files. | ||||