Search Results (9619 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-4583 1 Neuroml 1 Jlems 2025-04-15 6.3 Medium
A vulnerability was found in jLEMS. It has been declared as critical. Affected by this vulnerability is the function unpackJar of the file src/main/java/org/lemsml/jlems/io/util/JUtil.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 8c224637d7d561076364a9e3c2c375daeaf463dc. It is recommended to apply a patch to fix this issue. The identifier VDB-216169 was assigned to this vulnerability.
CVE-2022-4594 1 Tjws2 Project 1 Tjws2 2025-04-15 6.3 Medium
A vulnerability was found in drogatkin TJWS2. It has been declared as critical. Affected by this vulnerability is the function deployWar of the file 1.x/src/rogatkin/web/WarRoller.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 1bac15c496ec54efe21ad7fab4e17633778582fc. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216187.
CVE-2022-46492 1 Nbnbk Project 1 Nbnbk 2025-04-15 6.5 Medium
nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary.
CVE-2022-46171 1 Tauri 1 Tauri 2025-04-15 6.8 Medium
Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards `*`, `?`, and `[...]` match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As `**` allows for sub directories the behavior there is also as expected. The issue has been patched in the latest release and was backported into the currently supported 1.x branches. There are no known workarounds at the time of publication.
CVE-2022-45894 1 Planetestream 1 Planet Estream 2025-04-14 6.5 Medium
GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files.
CVE-2020-36629 1 Httpster Project 1 Httpster 2025-04-14 5.5 Medium
A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the patch is d3055b3e30b40b65d30c5a06d6e053dffa7f35d0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216748.
CVE-2023-0582 1 Forgerock 1 Access Management 2025-04-14 8.1 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2.
CVE-2023-0511 1 Forgerock 1 Java Policy Agents 2025-04-14 9.1 Critical
Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1
CVE-2023-0339 1 Forgerock 1 Web Policy Agents 2025-04-14 9.1 Critical
Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1
CVE-2021-39369 1 Philips 4 Myvue, Speech, Vue Motion and 1 more 2025-04-14 6.5 Medium
In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.
CVE-2022-4511 1 Docsys Project 1 Docsys 2025-04-14 5.3 Medium
A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215851.
CVE-2024-34315 1 Cmseasy 1 Cmseasy 2025-04-14 7.5 High
CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files.
CVE-2024-32163 1 Cmseasy 1 Cmseasy 2025-04-14 6.4 Medium
CMSeasy 7.7.7.9 is vulnerable to code execution.
CVE-2023-40279 2 Openclinic, Openclinic Ga Project 2 Ga, Openclinic Ga 2025-04-14 7.5 High
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do.
CVE-2023-40280 1 Openclinic Ga Project 1 Openclinic Ga 2025-04-14 7.5 High
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp.
CVE-2014-9372 1 Manageengine 1 Password Manager Pro 2025-04-12 N/A
Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in a filename.
CVE-2016-5307 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors.
CVE-2016-4815 1 Buffalo 12 Wzr-600dhp2, Wzr-600dhp2 Firmware, Wzr-600dhp3 and 9 more 2025-04-12 N/A
Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2016-6370 1 Cisco 1 Hosted Collaboration Mediation Fulfillment 2025-04-12 N/A
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255.
CVE-2015-5065 1 Intelligent-it 1 Paypal Currency Converter Basic For Woocommerce 2025-04-12 N/A
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter.