Total: 342 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2120 | 1 Offis | 1 Dcmtk | 2025-11-03 | 7.5 HIGH | 7.5 HIGH |
| OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution. | |||||
| CVE-2020-5410 | 1 Vmware | 1 Spring Cloud Config | 2025-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. | |||||
| CVE-2025-59776 | | | 2025-10-27 | N/A | 4.0 MEDIUM |
| A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine. | |||||
| CVE-2025-60023 | | | 2025-10-27 | N/A | 4.0 MEDIUM |
| A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine. | |||||
| CVE-2025-58456 | | | 2025-10-27 | N/A | 6.8 MEDIUM |
| A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitrary files on the target machine. | |||||
| CVE-2025-62498 | | | 2025-10-27 | N/A | 8.8 HIGH |
| A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened. | |||||
| CVE-2025-58429 | | | 2025-10-27 | N/A | 7.5 HIGH |
| A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary files on the target machine. | |||||
| CVE-2025-58078 | | | 2025-10-27 | N/A | 7.5 HIGH |
| A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine. | |||||
| CVE-2025-26349 | 1 Q-free | 1 Maxtime | 2025-10-24 | N/A | 7.2 HIGH |
| A CWE-23 "Relative Path Traversal" in the file upload mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite arbitrary files via crafted HTTP requests. | |||||
| CVE-2025-11898 | | | 2025-10-21 | N/A | 7.5 HIGH |
| Agentflow developed by Flowring has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. | |||||
| CVE-2024-56340 | 1 Ibm | 1 Cognos Analytics | 2025-10-17 | N/A | 6.5 MEDIUM |
| IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter. | |||||
| CVE-2024-47051 | 1 Acquia | 1 Mautic | 2025-10-16 | N/A | 9.1 CRITICAL |
| This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts. * Path Traversal File Deletion: A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system. | |||||
| CVE-2025-46002 | 1 Simogeo | 1 Filemanager | 2025-10-14 | N/A | 6.5 MEDIUM |
| An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint. | |||||
| CVE-2025-62187 | 1 Ankitects | 1 Anki | 2025-10-10 | N/A | 2.9 LOW |
| In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux (media file pathnames are not necessarily relative to the media folder). | |||||
| CVE-2025-55115 | 1 Bmc | 1 Control-m/agent | 2025-10-10 | N/A | 8.8 HIGH |
| A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability was fixed in 9.0.20.100 and above. | |||||
| CVE-2025-51052 | 1 Vedo Suite Project | 1 Vedo Suite | 2025-10-09 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_vedo/template'. | |||||
| CVE-2025-10249 | | | 2025-10-09 | N/A | 6.5 MEDIUM |
| The Slider Revolution plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions in all versions up to, and including, 6.7.37. This makes it possible for authenticated attackers, with Contributor-level access and above, to install and activate plugin add-ons, create sliders, and download arbitrary files. | |||||
| CVE-2025-59835 | | | 2025-10-06 | N/A | N/A |
| LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory of files on the server, it is possible to upload dangerous files to specific system directories. This is fixed in version 4.3.5. | |||||
| CVE-2025-43016 | 1 Jetbrains | 1 Rider | 2025-10-01 | N/A | 5.4 MEDIUM |
| In JetBrains Rider before 2025.1.2, a custom archive unpacker allowed arbitrary file overwrite during a remote debug session. | |||||
| CVE-2025-9570 | 1 Sun.net | 1 Ehrd Ctms | 2025-09-25 | N/A | 4.9 MEDIUM |
| The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote attackers with administrator privileges to exploit Relative Path Traversal to download arbitrary system files. | |||||
