Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9141 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9142 | 1 Checkpoint | 1 Harmony Sase | 2026-04-15 | 7.5 High |
| A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory. | ||||
| CVE-2024-51376 | 2026-04-15 | 7.5 High | ||
| Directory Traversal vulnerability in yeqifu carRental v.1.0 allows a remote attacker to obtain sensitive information via the file/downloadFile.action?path= component. | ||||
| CVE-2025-8941 | 1 Redhat | 13 Cert Manager, Confidential Compute Attestation, Discovery and 10 more | 2026-04-15 | 7.8 High |
| A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020. | ||||
| CVE-2025-8749 | 1 Mobile-industrial-robots | 5 Mir100, Mir1000, Mir200 and 2 more | 2026-04-15 | 6.5 Medium |
| Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots (MiR) Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system via a crafted API request. | ||||
| CVE-2024-55587 | 2026-04-15 | 8.8 High | ||
| python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract. | ||||
| CVE-2025-3021 | 2026-04-15 | N/A | ||
| Path Traversal vulnerability in e-solutions e-management. This vulnerability could allow an attacker to access confidential files outside the expected scope via the ‘file’ parameter in the /downloadReport.php endpoint. | ||||
| CVE-2023-37385 | 2026-04-15 | 7.3 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting allows PHP Local File Inclusion.This issue affects Consulting: from n/a through 6.5.6. | ||||
| CVE-2024-12850 | 2026-04-15 | 4.9 Medium | ||
| The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.32 via the database_backup_ajax_download() function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2023-35812 | 1 Openssh | 1 Openssh | 2026-04-15 | 5.3 Medium |
| An issue was discovered in the Amazon Linux packages of OpenSSH 7.4 for Amazon Linux 1 and 2, because of an incomplete fix for CVE-2019-6111 within these specific packages. The fix had only covered cases where an absolute path is passed to scp. When a relative path is used, there is no verification that the name of a file received by the client matches the file requested. Fixed packages are available with numbers 7.4p1-22.78.amzn1 and 7.4p1-22.amzn2.0.2. | ||||
| CVE-2024-41887 | 2026-04-15 | N/A | ||
| Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can create an NVR log file in a directory one level higher on the system, which can be used to corrupt files in the directory. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | ||||
| CVE-2024-13991 | 1 Huijietong | 1 Cloud Video Platform | 2026-04-15 | N/A |
| Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker can supply arbitrary file paths to the `fullPath` parameter of the `/fileDownload?action=downloadBackupFile` endpoint and retrieve files from the server filesystem. VulnCheck has observed this vulnerability being exploited in the wild. | ||||
| CVE-2025-7575 | 2026-04-15 | 4.7 Medium | ||
| A vulnerability has been found in Zavy86 WikiDocs up to 1.0.77 and classified as critical. Affected by this vulnerability is the function image_drop_upload_ajax/image_delete_ajax of the file submit.php. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version 1.0.78 is able to address this issue. The identifier of the patch is 98ea9ee4a2052c4327f89d2f7688cc1b5749450d. It is recommended to upgrade the affected component. | ||||
| CVE-2022-50950 | 1 Webile | 1 Webile | 2026-04-15 | 6.5 Medium |
| Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system. | ||||
| CVE-2025-7488 | 2026-04-15 | 4.3 Medium | ||
| A vulnerability has been found in JoeyBling SpringBoot_MyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26 and classified as critical. This vulnerability affects the function Download of the file /file/download. The manipulation of the argument Name leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
| CVE-2024-32982 | 1 Litestar-org | 1 Litestar | 2026-04-15 | 8.2 High |
| Litestar and Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.8.3, 2.7.2, and 2.6.4, a Local File Inclusion (LFI) vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to sensitive files outside the designated directories. Such access can lead to the disclosure of sensitive information or potentially compromise the server. The vulnerability is located in the file path handling mechanism within the static content serving function, specifically at `litestar/static_files/base.py`. This vulnerability is fixed in versions 2.8.3, 2.7.2, and 2.6.4. | ||||
| CVE-2025-42970 | 2026-04-15 | 5.8 Medium | ||
| SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a high privileged victim extracts this malicious archive, it is then processed by SAPCAR on their system, causing files to be extracted outside the intended directory and overwriting files in arbitrary locations. This vulnerability has a high impact on the integrity and availability of the application with no impact on confidentiality. | ||||
| CVE-2025-27718 | 2026-04-15 | N/A | ||
| Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered or arbitrary code may be executed by a crafted HTTP request to specific functions of the product from a device connected to the LAN side. | ||||
| CVE-2024-47071 | 1 Freepbx | 1 Endpoint Manager | 2026-04-15 | 6.8 Medium |
| OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4. | ||||
| CVE-2024-54909 | 2026-04-15 | 8.1 High | ||
| A vulnerability has been identified in GoldPanKit eva-server v4.1.0. It affects the path parameter of the /api/resource/local/download endpoint, where manipulation of this parameter can lead to arbitrary file download. | ||||
| CVE-2024-11303 | 1 Korenix | 1 Jetport 5601 | 2026-04-15 | N/A |
| The pathname of the root directory to a Restricted Directory ('Path Traversal') vulnerability in Korenix JetPort 5601 allows Path Traversal.This issue affects JetPort 5601: through 1.2. | ||||