Total
8346 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13377 | 2 10web, Wordpress | 2 10web Booster, Wordpress | 2025-12-11 | 9.6 Critical |
| The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the get_cache_dir_for_page_from_url() function in all versions up to, and including, 2.32.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary folders on the server, which can easily lead to a loss of data or a denial of service condition. | ||||
| CVE-2025-63371 | 1 Onecommander | 1 Onecommander | 2025-12-11 | 7.5 High |
| Milos Paripovic OneCommander 3.102.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents. | ||||
| CVE-2025-13435 | 1 Dreampie | 1 Resty | 2025-12-11 | 5.6 Medium |
| A security vulnerability has been detected in Dreampie Resty up to 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the component HttpClient Module. Such manipulation of the argument filename leads to path traversal. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-12382 | 2 Algosec, Linux | 2 Firewall Analyzer, Linux Kernel | 2025-12-11 | 8.8 High |
| Improper Limitation of a Pathname 'Path Traversal') vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code injection. This issue affects Algosec Firewall Analyzer: A33.0 (up to build 320), A33.10 (up to build 210). | ||||
| CVE-2023-51364 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-12-10 | 8.7 High |
| A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | ||||
| CVE-2023-51365 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-12-10 | 8.7 High |
| A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | ||||
| CVE-2025-54293 | 2 Canonical, Linux | 3 Lxd, Linux, Linux Kernel | 2025-12-10 | 6.5 Medium |
| Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links. | ||||
| CVE-2025-54292 | 1 Canonical | 1 Lxd | 2025-12-10 | 4.6 Medium |
| Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths. | ||||
| CVE-2025-14311 | 2025-12-09 | N/A | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JMRI.This issue affects JMRI: before 5.13.3. | ||||
| CVE-2025-14220 | 1 Orico | 1 Cd3510 | 2025-12-09 | 4.3 Medium |
| A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-12425 | 3 Debian, Libreoffice, The Document Foundation | 3 Debian Linux, Libreoffice, Libreoffice | 2025-12-08 | 3.3 Low |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before < 24.8.4. | ||||
| CVE-2013-5979 | 1 Xibosignage | 1 Xibo | 2025-12-08 | N/A |
| Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php. | ||||
| CVE-2023-7077 | 1 Sharp | 52 Nec E705, Nec E705 Firmware, Nec E805 and 49 more | 2025-12-08 | 9.8 Critical |
| Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker execute remote code by sending unintended parameters in http request. | ||||
| CVE-2025-29843 | 1 Synology | 2 File Station, Router Manager | 2025-12-05 | 5.4 Medium |
| A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files. | ||||
| CVE-2025-29844 | 1 Synology | 2 File Station, Router Manager | 2025-12-05 | 4.3 Medium |
| A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information. | ||||
| CVE-2025-29845 | 1 Synology | 1 Router Manager | 2025-12-05 | 4.3 Medium |
| A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files. | ||||
| CVE-2023-47222 | 1 Qnap | 1 Media Streaming Add-on | 2025-12-05 | 9.6 Critical |
| An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later | ||||
| CVE-2025-57698 | 1 Astrbot | 1 Astrbot | 2025-12-05 | 7.5 High |
| AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function install_plugin_upload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename to assign to file_path without checking the validity of the filename. The variable file_path is then passed as a parameter to the function `file.save`, so that the file in the request body can be saved to any location in the file system through directory traversal. | ||||
| CVE-2025-54347 | 1 Desktopalert | 2 Pingalert, Pingalert Application Server | 2025-12-05 | 9.9 Critical |
| A Directory Traversal vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to write arbitrary files under certain conditions. | ||||
| CVE-2025-34238 | 1 Advantech | 2 Webaccess/vpn, Webaccess\/vpn | 2025-12-04 | 6.5 Medium |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction() that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web user (www-data) can access. | ||||