Total
7974 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-34047 | 2025-12-23 | N/A | ||
| A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitation, enabling traversal sequences to escape the intended directory and access sensitive files. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC. | ||||
| CVE-2025-14704 | 2 Sgwbox, Shiguangwu | 2 N3 Nas, Sgwbox N3 | 2025-12-23 | 7.3 High |
| A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown function of the file /eshell of the component API. The manipulation results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-10470 | 1 Vibethemes | 2 Wordpress Learning Management System, Wordpress Learning Management System | 2025-12-23 | 9.8 Critical |
| The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The theme is vulnerable even when it is not activated. | ||||
| CVE-2015-10134 | 1 Mywebsiteadvisor | 1 Simple Backup | 2025-12-23 | 7.5 High |
| The Simple Backup plugin for WordPress is vulnerable to Arbitrary File Download in versions up to, and including, 2.7.10. via the download_backup_file function. This is due to a lack of capability checks and file type validation. This makes it possible for attackers to download sensitive files such as the wp-config.php file from the affected site. | ||||
| CVE-2025-68476 | 2025-12-23 | 7.7 High | ||
| KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The vulnerability stems from an incorrect or insufficient path validation when loading the Service Account Token specified in spec.hashiCorpVault.credential.serviceAccount. An attacker with permissions to create or modify a TriggerAuthentication resource can exfiltrate the content of any file from the node's filesystem (where the KEDA pod resides) by directing the file's content to a server under their control, as part of the Vault authentication request. The potential impact includes the exfiltration of sensitive system information, such as secrets, keys, or the content of files like /etc/passwd. This issue has been patched in versions 2.17.3 and 2.18.3. | ||||
| CVE-2025-11540 | 2025-12-23 | N/A | ||
| Path Traversal vulnerability in Sharp Display Solutions projectors allows a attacker may access and read any files within the projector. | ||||
| CVE-2025-34395 | 2 Barracuda, Barracuda Networks | 2 Rmm, Rmm | 2025-12-23 | 7.5 High |
| Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service in which an unauthenticated attacker can invoke a method vulnerable to path traversal to read arbitrary files. This vulnerability can be escalated to remote code execution by retrieving the .NET machine keys. | ||||
| CVE-2025-63365 | 2 Epubfilereader, Softsea | 2 Epub File Reader, Epub File Reader | 2025-12-23 | 7.1 High |
| SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the EPUB file processing component, specifically in the functionality responsible for extracting and handling EPUB archive contents. | ||||
| CVE-2025-65076 | 1 Wavestore | 2 Video Management Software Server, Wavestore Server | 2025-12-22 | 6.1 Medium |
| WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete any file on the server using path traversal in the ilog script. This script is being run with root privileges. This issue was fixed in version 6.44.44 | ||||
| CVE-2025-65075 | 1 Wavestore | 2 Video Management Software Server, Wavestore Server | 2025-12-22 | 6.5 Medium |
| WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete files, with the permissions of dvr user, on the server using path traversal in the alog script. This issue was fixed in version 6.44.44 | ||||
| CVE-2025-65074 | 1 Wavestore | 2 Video Management Software Server, Wavestore Server | 2025-12-22 | 7.2 High |
| WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to execute arbitrary OS commands on the server using path traversal in the showerr script. This issue was fixed in version 6.44.44 | ||||
| CVE-2025-12972 | 2 Fluentbit, Treasuredata | 2 Fluent Bit, Fluent Bit | 2025-12-22 | 5.3 Medium |
| Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause Fluent Bit to write files outside the intended output directory. | ||||
| CVE-2024-12087 | 8 Almalinux, Archlinux, Gentoo and 5 more | 26 Almalinux, Arch Linux, Linux and 23 more | 2025-12-22 | 6.5 Medium |
| A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client. | ||||
| CVE-2025-34452 | 1 Streama Project | 1 Streama | 2025-12-21 | N/A |
| Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery (SSRF) vulnerabilities in that allow an authenticated attacker to write arbitrary files to the server filesystem. The issue exists in the subtitle download functionality, where user-controlled parameters are used to fetch remote content and construct file paths without proper validation. By supplying a crafted subtitle download URL and a path traversal sequence in the file name, an attacker can write files to arbitrary locations on the server, potentially leading to remote code execution. | ||||
| CVE-2025-66905 | 1 Takes | 1 Tkfiles | 2025-12-21 | 7.5 High |
| The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths before resolving them against the filesystem. A remote attacker can include ../ sequences in the request path to escape the configured base directory and read arbitrary files from the host system. | ||||
| CVE-2025-67442 | 1 Eve-ng | 1 Eve-ng | 2025-12-21 | 7.6 High |
| EVE-NG 6.4.0-13-PRO is vulnerable to Directory Traversal. The /api/export interface allows authenticated users to export lab files. This interface lacks effective input validation and filtering when processing file path parameters submitted by users. | ||||
| CVE-2013-3993 | 1 Ibm | 1 Infosphere Biginsights | 2025-12-20 | 6.5 Medium |
| IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls. | ||||
| CVE-2023-53772 | 1 Minidvblinux | 1 Minidvblinux | 2025-12-19 | 7.5 High |
| MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device. | ||||
| CVE-2025-66645 | 2 Nicegui, Zauberzeug | 2 Nicegui, Nicegui | 2025-12-19 | 7.5 High |
| NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.add_media_files() function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0. | ||||
| CVE-2025-14910 | 1 Edimax | 1 Br-6208ac V1 | 2025-12-19 | 4.3 Medium |
| A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts the function handle_retr of the component FTP Daemon Service. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. Edimax confirms this issue: "This product is no longer available in the market and has been discontinued for five years. Consequently, Edimax no longer provides technical support, firmware updates, or security patches for this specific model. However, to ensure the safety of our remaining active users, we acknowledge this report and will take the following mitigation actions: (A) We will issue an official security advisory on our support website. (B) We will strongly advise users to disable the FTP service on this device to mitigate the reported risk, by which the product will still work for common use. (C) We will recommend users upgrade to newer, supported models." This vulnerability only affects products that are no longer supported by the maintainer. | ||||