ReportizFlow
Filtered by vendor
Subscriptions
Total
8943 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-37501 | 2026-04-15 | 8.5 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PluginsWare Advanced Classifieds & Directory Pro allows Path Traversal.This issue affects Advanced Classifieds & Directory Pro: from n/a through 3.1.3. | ||||
| CVE-2025-58355 | 1 Charmbracelet | 1 Soft-serve | 2026-04-15 | 7.7 High |
| Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0. | ||||
| CVE-2024-37372 | 2026-04-15 | 3.6 Low | ||
| The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases. | ||||
| CVE-2024-36267 | 2026-04-15 | 8.1 High | ||
| Path traversal vulnerability exists in Redmine DMSF Plugin versions prior to 3.1.4. If this vulnerability is exploited, a logged-in user may obtain or delete arbitrary files on the server (within the privilege of the Redmine process). | ||||
| CVE-2024-35474 | 2026-04-15 | 6.5 Medium | ||
| A Directory Traversal vulnerability in iceice666 ResourcePack Server before v1.0.8 allows a remote attacker to disclose files on the server, via setPath in ResourcePackFileServer.kt. | ||||
| CVE-2024-35205 | 1 Kingsoft | 1 Wps Office | 2026-04-15 | 7.8 High |
| The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a crafted library file, aiming to overwrite an existing native library utilized by WPS Office. Successful exploitation could result in the execution of arbitrary commands under the guise of WPS Office's application ID. | ||||
| CVE-2024-34060 | 1 Dfir-iris | 1 Iris | 2026-04-15 | 8.8 High |
| IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The `iris-evtx-module` is a pipeline plugin of `iris-web` that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely handled and may cause an Arbitrary File Write. This can lead to a remote code execution (RCE) when combined with a Server Side Template Injection (SSTI). This vulnerability has been patched in version 1.0.0. | ||||
| CVE-2024-54909 | 2026-04-15 | 8.1 High | ||
| A vulnerability has been identified in GoldPanKit eva-server v4.1.0. It affects the path parameter of the /api/resource/local/download endpoint, where manipulation of this parameter can lead to arbitrary file download. | ||||
| CVE-2024-3318 | 2026-04-15 | 4.2 Medium | ||
| A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file“ attribute, which in turn allowed the user to access files uploaded for other sources. | ||||
| CVE-2024-56198 | 2026-04-15 | N/A | ||
| path-sanitizer is a simple lightweight npm package for sanitizing paths to prevent Path Traversal. Prior to 3.1.0, the filters can be bypassed using .=%5c which results in a path traversal. This vulnerability is fixed in 3.1.0. | ||||
| CVE-2024-31848 | 2026-04-15 | 9.8 Critical | ||
| A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. | ||||
| CVE-2024-31850 | 1 Cdata | 1 Arc | 2026-04-15 | 8.6 High |
| A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions. | ||||
| CVE-2024-31232 | 1 Sizam Design | 1 Rehub | 2026-04-15 | 8 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through 19.6.1. | ||||
| CVE-2024-28880 | 2026-04-15 | 6.5 Medium | ||
| Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who can log in to the product to obtain sensitive information of the product. | ||||
| CVE-2024-37932 | 2 Anhvnit, Wordpress | 2 Woocommerce Openpos, Wordpress | 2026-04-15 | 8.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in anhvnit Woocommerce OpenPos allows File Manipulation.This issue affects Woocommerce OpenPos: from n/a through 6.4.4. | ||||
| CVE-2024-22232 | 2026-04-15 | 7.7 High | ||
| A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem. | ||||
| CVE-2024-31978 | 1 Siemens | 1 Sinec-nms | 2026-04-15 | 7.6 High |
| A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the file system. Under certain circumstances the downloaded files are deleted from the file system. | ||||
| CVE-2020-37086 | 1 Rubikon Teknoloji | 1 Easy Transfer | 2026-04-15 | 6.2 Medium |
| Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download sensitive system files and inject malicious scripts into application parameters. | ||||
| CVE-2025-59343 | 1 Tar-fs Project | 1 Tar-fs | 2026-04-15 | 7.5 High |
| tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories. | ||||
| CVE-2025-64346 | 1 Archives Project | 1 Archives | 2026-04-15 | N/A |
| archives is a Go library for extracting archives (tar, zip, etc.). Version 1.0.0 does not prevent a malicious user to feed a specially crafted archive to the library causing RCE, modification of files or other malignancies in the context of whatever the user is running this library as, through the program that imports it. Severity depends on user permissions, environment and how arbitrary archives are passed. This issue is fixed in version 1.0.1. | ||||