Export limit exceeded: 35523 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 357649 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9348 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-22128 | 1 Tableau | 1 Tableau Server | 2025-05-13 | 9.8 Critical |
| Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution.Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates. | ||||
| CVE-2025-22479 | 1 Dell | 1 Storage Manager | 2025-05-13 | 3.5 Low |
| Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection. | ||||
| CVE-2022-23770 | 2 Linux, Wisa | 2 Linux Kernel, Smart Wing Cms | 2025-05-13 | 8.8 High |
| This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal. | ||||
| CVE-2024-57451 | 1 1000mz | 1 Chestnutcms | 2025-05-13 | 7.5 High |
| ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory. | ||||
| CVE-2024-6648 | 1 Apollotheme | 1 Ap Pagebuilder | 2025-05-13 | 7.5 High |
| Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing them to read any file on the system. | ||||
| CVE-2022-3060 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 7.3 High |
| Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests | ||||
| CVE-2022-42188 | 1 Lavalite | 1 Lavalite | 2025-05-13 | 7.5 High |
| In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. | ||||
| CVE-2024-27279 | 1 Appleple | 1 A-blog Cms | 2025-05-13 | 6.5 Medium |
| Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with editor or higher privilege who can login to the product may obtain arbitrary files on the server including password files. | ||||
| CVE-2024-25859 | 2 Blesta, Phillipsdata | 2 Blesta, Blesta | 2025-05-13 | 7.1 High |
| A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to takeover user accounts and execute arbitrary code. | ||||
| CVE-2025-25997 | 1 Feminer Wms Project | 1 Feminer Wms | 2025-05-13 | 7.5 High |
| Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component. | ||||
| CVE-2024-39722 | 1 Ollama | 1 Ollama | 2025-05-13 | 7.5 High |
| An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path traversal in the api/push route. | ||||
| CVE-2023-51401 | 1 Brainstormforce | 1 Ultimate Addons For Beaver Builder | 2025-05-13 | 6.3 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal.This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.13. | ||||
| CVE-2025-2032 | 1 1000mz | 1 Chestnutcms | 2025-05-12 | 3.5 Low |
| A vulnerability classified as problematic was found in ChestnutCMS 1.5.2. This vulnerability affects the function renameFile of the file /cms/file/rename. The manipulation of the argument rename leads to path traversal. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-30290 | 1 Adobe | 1 Coldfusion | 2025-05-12 | 8.7 High |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to bypass security protections and gain unauthorized write and delete access. Exploitation of this issue does not require user interaction and scope is changed. | ||||
| CVE-2020-24855 | 1 Easyjs | 1 Easywebpack-cli | 2025-05-12 | 5.3 Medium |
| Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request. | ||||
| CVE-2024-31394 | 1 Appleple | 1 A-blog Cms | 2025-05-12 | 6.5 Medium |
| Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may obtain arbitrary files on the server. | ||||
| CVE-2022-0072 | 1 Litespeedtech | 1 Openlitespeed | 2025-05-09 | 5.8 Medium |
| Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1 | ||||
| CVE-2024-22096 | 1 Rapidscada | 1 Rapid Scada | 2025-05-09 | 6.5 Medium |
| In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the system. | ||||
| CVE-2024-1163 | 1 Mapshaper | 1 Mapshaper | 2025-05-09 | 7.1 High |
| The attacker may exploit a path traversal vulnerability leading to information disclosure. | ||||
| CVE-2024-1082 | 1 Github | 1 Enterprise Server | 2025-05-09 | 6.3 Medium |
| A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.15, 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program. | ||||