Total
130 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22288 | 2 Wordpress, Wpmudev | 2 Wordpress, Smush Image Compression And Optimization | 2025-11-07 | 4.1 Medium |
| Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal.This issue affects Smush Image Compression and Optimization: from n/a through <= 3.17.0. | ||||
| CVE-2024-12088 | 8 Almalinux, Archlinux, Gentoo and 5 more | 21 Almalinux, Arch Linux, Linux and 18 more | 2025-11-06 | 6.5 Medium |
| A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory. | ||||
| CVE-2024-12087 | 8 Almalinux, Archlinux, Gentoo and 5 more | 20 Almalinux, Arch Linux, Linux and 17 more | 2025-11-06 | 6.5 Medium |
| A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client. | ||||
| CVE-2025-48090 | 2 Cocobasic, Wordpress | 2 Blanka, Wordpress | 2025-11-06 | 8.2 High |
| Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion.This issue affects Blanka - One Page WordPress Theme: from n/a through < 1.5. | ||||
| CVE-2025-58972 | 2 Barcode Scanner, Wordpress | 2 Barcode Scanner With Inventory & Order Manager, Wordpress | 2025-11-06 | N/A |
| Path Traversal: '.../...//' vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Path Traversal.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.10.4. | ||||
| CVE-2025-39467 | 2 Mikado-themes, Wordpress | 2 Wanderland, Wordpress | 2025-11-06 | N/A |
| Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.7.1. | ||||
| CVE-2025-27222 | 1 Rocketsoftware | 1 Trufusion Enterprise | 2025-11-03 | 8.6 High |
| TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file that is accessible by the TRUfusion user and can also be used to leak cleartext passwords of TRUfusion Enterprise itself. | ||||
| CVE-2025-53880 | 1 Suse | 3 Manager, Manager Proxy, Manager Server | 2025-10-31 | N/A |
| A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses. | ||||
| CVE-2025-8088 | 3 Dtsearch, Microsoft, Rarlab | 3 Dtsearch, Windows, Winrar | 2025-10-30 | 8.8 High |
| A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. | ||||
| CVE-2025-8051 | 1 Opentext | 1 Flipper | 2025-10-28 | 6.5 Medium |
| Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2. | ||||
| CVE-2025-26352 | 1 Q-free | 1 Maxtime | 2025-10-28 | 6.5 Medium |
| A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests. | ||||
| CVE-2025-26353 | 1 Q-free | 1 Maxtime | 2025-10-28 | 4.9 Medium |
| A CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests. | ||||
| CVE-2025-26354 | 1 Q-free | 1 Maxtime | 2025-10-28 | 7.2 High |
| A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (copy endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests. | ||||
| CVE-2025-26355 | 1 Q-free | 1 Maxtime | 2025-10-28 | 6.5 Medium |
| A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests. | ||||
| CVE-2025-26356 | 1 Q-free | 1 Maxtime | 2025-10-28 | 7.2 High |
| A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (setActive endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests. | ||||
| CVE-2025-26357 | 1 Q-free | 1 Maxtime | 2025-10-28 | 4.9 Medium |
| A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests. | ||||
| CVE-2025-26351 | 1 Q-free | 1 Maxtime | 2025-10-24 | 4.9 Medium |
| A CWE-35 "Path Traversal" in the template download mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests. | ||||
| CVE-2025-41723 | 1 Sauter | 2 Ey-modulo 5 Devices, Modulo 6 Devices | 2025-10-23 | 9.8 Critical |
| The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations. | ||||
| CVE-2025-42937 | 1 Sap | 1 Sapsprint | 2025-10-21 | 9.8 Critical |
| SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality integrity and availability of the application. | ||||
| CVE-2025-43886 | 1 Dell | 1 Powerprotect Data Manager | 2025-10-20 | 4.4 Medium |
| Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. | ||||