Search Results (8230 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-0582 1 Forgerock 1 Access Management 2025-04-14 8.1 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2.
CVE-2023-0511 1 Forgerock 1 Java Policy Agents 2025-04-14 9.1 Critical
Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1
CVE-2023-0339 1 Forgerock 1 Web Policy Agents 2025-04-14 9.1 Critical
Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1
CVE-2021-39369 1 Philips 4 Myvue, Speech, Vue Motion and 1 more 2025-04-14 6.5 Medium
In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.
CVE-2022-4511 1 Docsys Project 1 Docsys 2025-04-14 5.3 Medium
A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215851.
CVE-2024-34315 1 Cmseasy 1 Cmseasy 2025-04-14 7.5 High
CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files.
CVE-2024-32163 1 Cmseasy 1 Cmseasy 2025-04-14 6.4 Medium
CMSeasy 7.7.7.9 is vulnerable to code execution.
CVE-2023-40279 2 Openclinic, Openclinic Ga Project 2 Ga, Openclinic Ga 2025-04-14 7.5 High
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do.
CVE-2023-40280 1 Openclinic Ga Project 1 Openclinic Ga 2025-04-14 7.5 High
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp.
CVE-2016-4815 1 Buffalo 12 Wzr-600dhp2, Wzr-600dhp2 Firmware, Wzr-600dhp3 and 9 more 2025-04-12 N/A
Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2013-2619 1 Aspen 1 Aspen 2025-04-12 N/A
Directory traversal vulnerability in Aspen before 0.22 allows remote attackers to read arbitrary files via a .. (dot dot) to the default URI.
CVE-2014-9461 1 Reality66 1 Cart66 Lite 2025-04-12 N/A
Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the member_download action to wp-admin/admin-ajax.php.
CVE-2016-2933 1 Ibm 1 Bigfix Remote Control 2025-04-12 N/A
Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request.
CVE-2015-1884 1 Ibm 2 Business Process Manager, Websphere 2025-04-12 N/A
Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL.
CVE-2016-6232 2 Canonical, Kde 2 Ubuntu Linux, Karchives 2025-04-12 N/A
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
CVE-2016-1429 1 Cisco 4 Rv180 Vpn Router, Rv180 Vpn Router Firmware, Rv180w Wireless-n Multifunction Vpn Router and 1 more 2025-04-12 N/A
Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023.
CVE-2014-1975 1 R-company 1 Unzipper 2025-04-12 N/A
Directory traversal vulnerability in the R-Company Unzipper application 1.0.1 and earlier for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename.
CVE-2015-8921 4 Canonical, Libarchive, Novell and 1 more 6 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 3 more 2025-04-12 N/A
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
CVE-2015-3629 3 Docker, Opensuse, Redhat 3 Libcontainer, Opensuse, Rhel Extras Other 2025-04-12 7.8 High
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.
CVE-2014-2610 1 Hp 1 Executive Scorecard 2025-04-12 N/A
Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by uploading an executable file, aka ZDI-CAN-2117.