Search Results (9576 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-46171 1 Tauri 1 Tauri 2025-04-15 6.8 Medium
Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards `*`, `?`, and `[...]` match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As `**` allows for sub directories the behavior there is also as expected. The issue has been patched in the latest release and was backported into the currently supported 1.x branches. There are no known workarounds at the time of publication.
CVE-2022-45894 1 Planetestream 1 Planet Estream 2025-04-14 6.5 Medium
GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files.
CVE-2020-36629 1 Httpster Project 1 Httpster 2025-04-14 5.5 Medium
A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the patch is d3055b3e30b40b65d30c5a06d6e053dffa7f35d0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216748.
CVE-2023-0582 1 Forgerock 1 Access Management 2025-04-14 8.1 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2.
CVE-2023-0511 1 Forgerock 1 Java Policy Agents 2025-04-14 9.1 Critical
Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1
CVE-2023-0339 1 Forgerock 1 Web Policy Agents 2025-04-14 9.1 Critical
Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1
CVE-2021-39369 1 Philips 4 Myvue, Speech, Vue Motion and 1 more 2025-04-14 6.5 Medium
In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.
CVE-2022-4511 1 Docsys Project 1 Docsys 2025-04-14 5.3 Medium
A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215851.
CVE-2024-34315 1 Cmseasy 1 Cmseasy 2025-04-14 7.5 High
CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files.
CVE-2024-32163 1 Cmseasy 1 Cmseasy 2025-04-14 6.4 Medium
CMSeasy 7.7.7.9 is vulnerable to code execution.
CVE-2023-40279 2 Openclinic, Openclinic Ga Project 2 Ga, Openclinic Ga 2025-04-14 7.5 High
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do.
CVE-2023-40280 1 Openclinic Ga Project 1 Openclinic Ga 2025-04-14 7.5 High
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp.
CVE-2012-4920 2 Wordpress, Zingiri 2 Wordpress, Forums 2025-04-12 N/A
Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to index.php.
CVE-2016-2572 2 Redhat, Squid-cache 2 Enterprise Linux, Squid 2025-04-12 N/A
http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
CVE-2013-5639 1 Raoul Proenca 1 Gnew 2025-04-12 N/A
Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the gnew_language cookie.
CVE-2015-8358 1 Bitrix 1 Mpbuilder 2025-04-12 N/A
Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php.
CVE-2013-1604 1 Maygion 1 Ip Camera Firmware 2025-04-12 N/A
Directory traversal vulnerability in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.
CVE-2015-8357 1 Bitrix 1 Xscan 2025-04-12 N/A
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php.
CVE-2013-2085 1 Owncloud 1 Owncloud 2025-04-12 N/A
Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter.
CVE-2016-8827 2 Microsoft, Nvidia 2 Windows, Geforce Experience 2025-04-12 6.5 Medium
NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.