Export limit exceeded: 46622 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9348 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40444 | 1 Zzcms | 1 Zzcms | 2025-05-27 | 5.3 Medium |
| ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server. | ||||
| CVE-2022-40443 | 1 Zzcms | 1 Zzcms | 2025-05-27 | 5.3 Medium |
| An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php. | ||||
| CVE-2023-28465 | 1 Hapifhir | 1 Hl7 Fhir Core | 2025-05-27 | 7.5 High |
| The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists because of an incomplete fix for CVE-2023-24057. | ||||
| CVE-2022-34026 | 1 Icecoder | 1 Icecoder | 2025-05-27 | 7.5 High |
| ICEcoder v8.1 allows attackers to execute a directory traversal. | ||||
| CVE-2025-4720 | 1 Munyweki | 1 Student Result Management System | 2025-05-27 | 5.4 Medium |
| A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file academic/core/drop_student.php. The manipulation of the argument img leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-45316 | 1 Mattermost | 1 Mattermost Server | 2025-05-24 | 7.3 High |
| Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack. | ||||
| CVE-2024-53582 | 1 Openpanel | 1 Openpanel | 2025-05-23 | 7.5 High |
| An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to execute a directory traversal via a crafted HTTP request. | ||||
| CVE-2024-55415 | 1 Thecontrolgroup | 1 Voyager | 2025-05-23 | 5.7 Medium |
| DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass. | ||||
| CVE-2024-23721 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-05-23 | 7.5 High |
| A Directory Traversal issue was discovered in process_post on Draytek Vigor3910 4.3.2.5 devices. When sending a certain POST request, it calls the function and exports information. | ||||
| CVE-2018-5448 | 1 Medtronic | 2 2090 Carelink Programmer, 2090 Carelink Programmer Firmware | 2025-05-22 | 4.8 Medium |
| Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system. | ||||
| CVE-2025-4898 | 1 Munyweki | 1 Student Result Management System | 2025-05-21 | 5.4 Medium |
| A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects the function unlink of the file update_system.php of the component Logo File Handler. The manipulation of the argument old_logo leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-40199 | 1 Ec-cube | 1 Ec-cube | 2025-05-21 | 2.7 Low |
| Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4 ) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information. | ||||
| CVE-2025-4912 | 1 Munyweki | 1 Student Result Management System | 2025-05-21 | 5.4 Medium |
| A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/core/update_student.php of the component Image File Handler. The manipulation of the argument old_photo leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-2926 | 1 Adobe | 1 Download Manager | 2025-05-21 | 4.9 Medium |
| The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory | ||||
| CVE-2022-40082 | 2 Cloudwego, Microsoft | 2 Hertz, Windows | 2025-05-21 | 7.5 High |
| Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function. | ||||
| CVE-2022-39033 | 1 Lcnet | 1 Smart Evision | 2025-05-21 | 9.8 Critical |
| Smart eVision’s file acquisition function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication, access restricted paths to download and delete arbitrary system files to disrupt service. | ||||
| CVE-2022-39034 | 1 Lcnet | 1 Smart Evision | 2025-05-21 | 6.5 Medium |
| Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files. | ||||
| CVE-2023-48373 | 1 Itpison | 1 Omicard Edm | 2025-05-21 | 7.5 High |
| ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | ||||
| CVE-2022-28814 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2025-05-20 | 9.8 Critical |
| Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device. | ||||
| CVE-2021-33354 | 1 Htmly | 1 Htmly | 2025-05-20 | 8.1 High |
| Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter. | ||||