Total
7975 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68143 | 1 Modelcontextprotocol | 1 Servers | 2025-12-18 | N/A |
| Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other tools which required an existing repository, git_init could operate on any directory accessible to the server process, making those directories eligible for subsequent git operations. The tool was removed entirely, as the server is intended to operate on existing repositories only. Users are advised to upgrade to 2025.9.25 or newer to remediate this issue. | ||||
| CVE-2025-68145 | 1 Modelcontextprotocol | 1 Servers | 2025-12-18 | N/A |
| In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that configured path. This could allow tool calls to operate on other repositories accessible to the server process. The fix adds path validation that resolves both the configured repository and the requested path (following symlinks) and verifies the requested path is within the allowed repository before executing any git operations. Users are advised to upgrade to 2025.12.17 upon release to remediate this issue. | ||||
| CVE-2025-40898 | 1 Nozomi Networks | 2 Cmc, Guardian | 2025-12-18 | 8.1 High |
| A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary paths, altering the device configuration and/or affecting its availability. | ||||
| CVE-2021-3426 | 6 Debian, Fedoraproject, Netapp and 3 more | 11 Debian Linux, Fedora, Cloud Backup and 8 more | 2025-12-18 | 5.7 Medium |
| There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. | ||||
| CVE-2025-43463 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2025-12-17 | 5.5 Medium |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sonoma 14.8.3, macOS Tahoe 26.1, macOS Sequoia 15.7.3. An app may be able to access sensitive user data. | ||||
| CVE-2025-43382 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-12-17 | 5.5 Medium |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access sensitive user data. | ||||
| CVE-2025-2749 | 1 Kentico | 1 Xperience | 2025-12-17 | 7.2 High |
| An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code execution.This issue affects Kentico Xperience through 13.0.178. | ||||
| CVE-2020-36893 | 2 Eibiz, Microsoft | 2 I-media Server Digital Signage, Windows | 2025-12-17 | 7.5 High |
| Eibiz i-Media Server Digital Signage 3.8.0 contains a directory traversal vulnerability that allows unauthenticated remote attackers to access files outside the server's root directory. Attackers can exploit the 'oldfile' GET parameter to view sensitive configuration files like web.xml and system files such as win.ini. | ||||
| CVE-2020-36898 | 2 Howfor, Qihang Media | 2 Qihang Media Web Digital Signage, Web Digital Signage | 2025-12-17 | 9.1 Critical |
| QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary files with web server permissions using directory traversal sequences. | ||||
| CVE-2025-65792 | 1 Datagear | 1 Datagear | 2025-12-17 | 9.1 Critical |
| DataGear v5.5.0 is vulnerable to Arbitrary File Deletion. | ||||
| CVE-2025-65814 | 2 A1apps, Rhophi Analytics | 2 Office App-edit Word\, Pdf File, Office App-edit Word | 2025-12-17 | 6.5 Medium |
| A lack of security checks in the file import process of RHOPHI Analytics LLP Office App-Edit Word v6.4.1 allows attackers to execute a directory traversal. | ||||
| CVE-2025-67643 | 1 Jenkins | 3 Jira, Redpen, Redpen - Pipeline Reporter For Jira | 2025-12-17 | 4.3 Medium |
| Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b_9517b_6b_202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspace directory. | ||||
| CVE-2016-20023 | 1 Cksource | 1 Ckfinder | 2025-12-17 | 5 Medium |
| In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided. | ||||
| CVE-2025-43465 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-17 | 3.3 Low |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data. | ||||
| CVE-2025-66449 | 1 C4illin | 1 Convertx | 2025-12-16 | 8.8 High |
| ConvertXis a self-hosted online file converter. In versions prior to 0.16.0, the endpoint `/upload` allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function takes `file.name` directly from user supplied data without doing any sanitization on the name thus allowing for arbitrary file write. This can be used to overwrite system binaries with ones provided from an attacker allowing full code execution. Version 0.16.0 contains a patch for the issue. | ||||
| CVE-2025-65345 | 1 Alexusmai | 2 Laravel-file-manager, Laravel File Manager | 2025-12-16 | 6.5 Medium |
| alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The zip/archiving functionality allows an attacker to create archives containing files and directories outside the intended scope due to improper path validation. | ||||
| CVE-2025-54307 | 1 Thermofisher | 2 Torrent Suite, Torrent Suite Software | 2025-12-16 | 8.8 High |
| An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. The /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bundle/upload/ endpoints allow low-privilege users to upload ZIP files to the server. The plupload_file_upload function handles these file uploads and constructs the destination file path by using either the name parameter or the uploaded filename, neither of which is properly sanitized. The file extension is extracted by splitting the filename, and a format string is used to construct the final file path, leaving the destination path vulnerable to path traversal. An authenticated attacker with network connectivity can write arbitrary files to the server, enabling remote code execution after overwriting an executable file. An example is the pdflatex executable, which is executed through subprocess.Popen in the write_report_pdf function after requests to a /report/latex/(\d+).pdf endpoint. | ||||
| CVE-2021-1435 | 1 Cisco | 1 Ios Xe | 2025-12-16 | 7.2 High |
| A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the web UI of an affected device with arbitrary commands injected into a portion of the request. A successful exploit could allow the attacker to execute arbitrary commands as the root user. | ||||
| CVE-2023-22273 | 2 Adobe, Microsoft | 3 Robohelp, Robohelp Server, Windows | 2025-12-16 | 7.2 High |
| Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-27976 | 1 Ivanti | 1 Avalanche | 2025-12-16 | 8.8 High |
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | ||||