Search Results (9622 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-41887 2026-04-15 N/A
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can create an NVR log file in a directory one level higher on the system, which can be used to corrupt files in the directory. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
CVE-2024-51376 2026-04-15 7.5 High
Directory Traversal vulnerability in yeqifu carRental v.1.0 allows a remote attacker to obtain sensitive information via the file/downloadFile.action?path= component.
CVE-2024-21542 1 Spotify 1 Luigi 2026-04-15 8.6 High
Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function.
CVE-2024-56142 2026-04-15 6.5 Medium
pghoard is a PostgreSQL backup daemon and restore tooling that stores backup data in cloud object stores. A vulnerability has been discovered that could allow an attacker to acquire disk access with privileges equivalent to those of pghoard, allowing for unintended path traversal. Depending on the permissions/privileges assigned to pghoard, this could allow disclosure of sensitive information. This issue has been addressed in releases after 2.2.2a. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2025-14220 1 Orico 1 Cd3510 2026-04-15 4.3 Medium
A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-34521 2026-04-15 3.5 Low
A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an administrative user to access system files with the file permissions of the privileged system user running the application.
CVE-2024-24043 1 Speedy11cz 1 Mcrpx 2026-04-15 5.5 Medium
Directory Traversal vulnerability in Speedy11CZ MCRPX v.1.4.0 and before allows a local attacker to execute arbitrary code via a crafted file.
CVE-2024-57784 2026-04-15 5.5 Medium
An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal.
CVE-2023-3675 1 Secomea 1 Gatemanager 2026-04-15 6.5 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Secomea GateManager (Web GUI) allows Reading Data from System Resources.This issue affects GateManager: from 11.0.623074018 before 11.0.623373051.
CVE-2024-55587 2026-04-15 8.8 High
python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract.
CVE-2024-4956 1 Sonatype 1 Nexus Repository Manager 2026-04-15 7.5 High
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
CVE-2024-7514 2026-04-15 6.5 Medium
The WordPress Comments Import & Export plugin for WordPress is vulnerable to to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. The issue was partially fixed in version 2.3.8 and fully fixed in 2.3.9
CVE-2025-50819 2026-04-15 7.1 High
Directory traversal vulnerability in beiyuouo arxiv-daily thru 2025-05-06 (commit fad168770b0e68aef3e5acfa16bb2e7a7765d687) when parsing the the topic.yml file in the generation logic in daily_arxiv.py.
CVE-2025-0615 2026-04-15 5.3 Medium
Input validation vulnerability in Qualifio's Wheel of Fortune. This vulnerability allows an attacker to modify an email to contain the ‘+’ symbol to access the application and win prizes as many times as wanted.
CVE-2024-41971 2026-04-15 8.1 High
A low privileged remote attacker can overwrite an arbitrary file on the filesystem leading to a DoS and data loss.
CVE-2025-52926 2026-04-15 2.7 Low
In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface.
CVE-2024-55457 2026-04-15 6.5 Medium
MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama/adama/downloadService. An attacker can exploit this vulnerability by manipulating the file parameter to access arbitrary files on the server, potentially exposing sensitive information.
CVE-2024-6085 1 Parisneo 1 Lollms 2026-04-15 N/A
A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be bypassed by changing the root folder to '/'. This allows attackers to read arbitrary files on the system. Additionally, the output folders can be changed to write arbitrary audio files to any location on the system.
CVE-2025-58769 4 Auth0, Laravel, Symfony and 1 more 4 Auth0, Laravel, Symfony and 1 more 2026-04-15 3.3 Low
auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. The vulnerability affects any application that either directly uses the Auth0-PHP SDK (versions 3.3.0–8.16.0) or indirectly relies on those versions through the Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress SDKs. This issue is fixed in version 8.17.0.
CVE-2025-11182 1 Gtone 1 Changeflow 2026-04-15 6.5 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Download of Code Without Integrity Check vulnerability in GTONE ChangeFlow allows Path Traversal.This issue affects ChangeFlow: All versions to v9.0.1.1.