Total
7811 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-10472 | 1 Harry0703 | 1 Moneyprinterturbo | 2025-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function download_video/stream_video of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument file_path leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-11607 | 1 Harry0703 | 1 Moneyprinterturbo | 2025-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function upload_music of the file app/controllers/v1/music.py of the component API Endpoint. Executing manipulation of the argument File can lead to path traversal. The attack may be performed from remote. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-34031 | 1 Geoffrowland | 1 Jmol | 2025-11-20 | N/A | 7.5 HIGH |
| A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the file_get_contents() function without proper validation, allowing attackers to read arbitrary files from the server's filesystem by crafting a malicious query value. This vulnerability can be exploited without authentication and may expose sensitive configuration data, including database credentials. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC. | |||||
| CVE-2025-34023 | 2025-11-20 | N/A | N/A | ||
| A path traversal vulnerability exists in the Karel IP1211 IP Phone's web management panel. The /cgi-bin/cgiServer.exx endpoint fails to properly sanitize user input to the page parameter, allowing remote authenticated attackers to access arbitrary files on the underlying system by using crafted path traversal sequences. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC. | |||||
| CVE-2025-34022 | 2025-11-20 | N/A | N/A | ||
| A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC. | |||||
| CVE-2018-25124 | 2025-11-20 | N/A | N/A | ||
| PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path' parameter. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC. | |||||
| CVE-2025-7896 | 1 Harry0703 | 1 Moneyprinterturbo | 2025-11-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is the function download_video/delete_video of the file app/controllers/v1/video.py. The manipulation leads to path traversal. The attack can be launched remotely. | |||||
| CVE-2025-8941 | 2025-11-20 | N/A | 7.8 HIGH | ||
| A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020. | |||||
| CVE-2025-34047 | 2025-11-20 | N/A | N/A | ||
| A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitation, enabling traversal sequences to escape the intended directory and access sensitive files. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC. | |||||
| CVE-2025-34045 | 1 Weiphp | 1 Weiphp | 2025-11-20 | N/A | 7.5 HIGH |
| A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/_download_imgage endpoint, where insufficient input validation allows unauthenticated remote attackers to perform directory traversal via crafted POST requests. This enables arbitrary file read on the server, potentially exposing sensitive information such as configuration files and source code. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC. | |||||
| CVE-2025-34040 | 2025-11-20 | N/A | N/A | ||
| An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directories using path traversal. Successful exploitation enables remote code execution as the uploaded file can be accessed and executed through the web server. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-01 UTC. | |||||
| CVE-2024-13982 | 2025-11-20 | N/A | N/A | ||
| SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read vulnerability in the rj_get_token.php endpoint. The flaw arises from insufficient input validation on the jsondata[url] parameter, which allows attackers to perform directory traversal and access sensitive files on the server. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted POST request to read arbitrary files, potentially exposing system configuration, credentials, or internal logic. An affected version range is undefined. | |||||
| CVE-2025-64757 | 1 Astro | 1 Astro | 2025-11-20 | N/A | 3.5 LOW |
| Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote attackers to read any image file accessible to the Node.js process on the host system. This issue has been patched in version 5.14.3. | |||||
| CVE-2025-65025 | 2025-11-20 | N/A | 8.2 HIGH | ||
| esm.sh is a nobuild content delivery network(CDN) for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths (e.g., package/../../tmp/evil.js). When esm.sh downloads and extracts this package, files may be written to arbitrary locations on the server, escaping the intended extraction directory. This issue has been patched in version 136. | |||||
| CVE-2025-54559 | 1 Desktopalert | 1 Pingalert Application Server | 2025-11-20 | N/A | 3.7 LOW |
| An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote Path Traversal for loading arbitrary external content. | |||||
| CVE-2025-36236 | 1 Ibm | 2 Aix, Vios | 2025-11-19 | N/A | 8.2 HIGH |
| IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system. | |||||
| CVE-2025-62630 | 1 Advantech | 1 Deviceon\/iedge | 2025-11-19 | N/A | 8.8 HIGH |
| Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions. | |||||
| CVE-2025-59171 | 1 Advantech | 1 Deviceon\/iedge | 2025-11-19 | N/A | 7.5 HIGH |
| Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions. | |||||
| CVE-2025-11990 | 1 Gitlab | 1 Gitlab | 2025-11-19 | N/A | 3.1 LOW |
| GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses. | |||||
| CVE-2025-29592 | 1 Aaluoxiang | 1 Oa System | 2025-11-19 | N/A | 5.6 MEDIUM |
| oasys v1.1 is vulnerable to Directory Traversal in ProcedureController. | |||||