Lucene search

21015 matches found

Positive Technologies
added 2025/08/21 12:0 a.m. · 4 views

PT-2025-34285 · Undefined · Undefined

Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the view help.cgi endpoint. The locale parameter fails to properly sanitize user input, allowing attackers to inject traversal...

CVSS 8.7 · AI score 7.3 · EPSS 0.01088
Exploits: 0 · References: 5

Positive Technologies
added 2025/08/21 12:0 a.m. · 4 views

PT-2025-34198 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.8 Mattermost versions 9.11.x through 9.11.17 Mattermost versions 10.8.x through 10.8.3 Mattermost versions 10.9.x through 10.9.2 Description: Mattermost fails to sanitize path traversal sequences in...

CVSS 6.8 · AI score 7.2 · EPSS 0.0038
Exploits: 0 · References: 12

Tenable Nessus
added 2025/08/21 12:0 a.m. · 4 views

Spring Framework 5.3.x < 5.3.44 / 6.1.x < 6.1.22 / 6.2.x < 6.2.10 Path Traversal (CVE-2025-41242)

The version of Spring Framework installed on the remote host is 5.3.x prior to 5.3.44, 6.1.x prior to 6.1.22, or 6.2.x prior to 6.2.810. It is, therefore, affected by a path traversal vulnerability: - Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when...

CVSS 5.9 · AI score 6.1 · EPSS 0.01916
Exploits: 1 · References: 2

IBM Security Bulletins
added 2025/08/20 9:40 p.m. · 13 views

Security Bulletin: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Standard Cartridge

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog Standard Cartridge. These vulnerabilities had been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel i...

CVSS 8.8 · AI score 8.5 · EPSS 0.08665
Exploits: 4 · Affected Software: 1

Github Security Blog
added 2025/08/20 7:8 p.m. · 15 views

Directus allows unauthenticated file upload and file modification due to lacking input sanitization

Summary A vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files' database-resident metadata and / or upload new files, with arbitrary content and extensions, which won't...

CVSS 9.3 · AI score 7.6 · EPSS 0.00438
Exploits: 1 · References: 4 · Affected Software: 2

OSV
added 2025/08/20 7:8 p.m. · 4 views

GHSA-MV33-9F6J-PFMC Directus allows unauthenticated file upload and file modification due to lacking input sanitization

Summary A vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files' database-resident metadata and / or upload new files, with arbitrary content and extensions, which won't...

CVSS 9.3 · AI score 6.3 · EPSS 0.00438
Exploits: 1 · References: 4

NVD
added 2025/08/20 3:15 p.m. · 7 views

CVE-2025-36114

IBM QRadar SOAR Plugin App 1.0.0 through 5.6.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS 7.5 · EPSS 0.00455
Exploits: 0 · References: 1

OSV
added 2025/08/20 3:15 p.m. · 4 views

CVE-2025-36114

IBM QRadar SOAR Plugin App 1.0.0 through 5.6.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS 7.5 · AI score 5.9 · EPSS 0.00455
Exploits: 0 · References: 1

Cvelist
added 2025/08/20 2:37 p.m. · 8 views

CVE-2025-36114 IBM QRadar SOAR Plugin App path traversal

IBM QRadar SOAR Plugin App 1.0.0 through 5.6.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS 6.5 · EPSS 0.00455
Exploits: 0 · References: 1

CVE
added 2025/08/20 2:37 p.m. · 17 views

CVE-2025-36114

CVE-2025-36114 affects IBM QRadar SOAR Plugin App versions 1.0.0–5.6.0. The issue is a path traversal vulnerability: a remote attacker could send crafted URL requests containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM’s security bulletin notes a fix in version 5.6.2;...

CVSS 7.5 · AI score 7 · EPSS 0.00455
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2025/08/20 2:37 p.m. · 3 views

CVE-2025-36114 IBM QRadar SOAR Plugin App path traversal

IBM QRadar SOAR Plugin App 1.0.0 through 5.6.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS 6.5 · AI score 7 · EPSS 0.00455
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/20 7:43 a.m. · 6 views

CVE-2025-55295

A path traversal vulnerability exists in qbitmanage's web API that allows authenticated users to read arbitrary files from the server filesystem through the restoreconfigfrombackup endpoint. The vulnerability allows attackers to bypass directory restrictions and read arbitrary files from the serv...

CVSS 6.5 · AI score 6.3 · EPSS 0.00458
Exploits: 0 · References: 5

IBM Security Bulletins
added 2025/08/20 2:37 a.m. · 19 views

Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager

Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0 Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can...

CVSS 9.8 · AI score 10 · EPSS 0.99615
Exploits: 22 · Affected Software: 1

Positive Technologies
added 2025/08/20 12:0 a.m. · 6 views

PT-2025-34063 · Ibm · Ibm Soar Qradar Plugin App

Name of the Vulnerable Software and Affected Versions: IBM QRadar SOAR Plugin App versions 1.0.0 through 5.6.0 Description: The IBM QRadar SOAR Plugin App may allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot”...

CVSS 6.5 · AI score 6.8 · EPSS 0.00455
Exploits: 0 · References: 4

Tenable Nessus
added 2025/08/20 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-4244

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in codeplex-codehaus. A directory traversal attack also known as path traversal aims to access files and directories stored outside the intende...

CVSS 7.5 · AI score 7.4 · EPSS 0.01347
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/20 12:0 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-31651

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was...

CVSS 9.8 · AI score 7 · EPSS 0.0418
Exploits: 1 · References: 3

OpenVAS
added 2025/08/20 12:0 a.m. · 6 views

VMware Spring Framework <= 5.3.43, 6.0.0 - 6.0.29, 6.1.0 - 6.1.21, 6.2.0 - 6.2.9 Path Traversal Vulnerability - Linux

The VMware Spring Framework is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.9 · AI score 6.6 · EPSS 0.01916
Exploits: 1 · References: 2

OpenVAS
added 2025/08/20 12:0 a.m. · 5 views

VMware Spring Framework <= 5.3.43, 6.0.0 - 6.0.29, 6.1.0 - 6.1.21, 6.2.0 - 6.2.9 Path Traversal Vulnerability - Windows

The VMware Spring Framework is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.9 · AI score 6.6 · EPSS 0.01916
Exploits: 1 · References: 2

NVD
added 2025/08/19 6:15 p.m. · 9 views

CVE-2025-55295

qBit Manage is a tool that helps manage tedious tasks in qBittorrent and automate them. A path traversal vulnerability exists in qbitmanage's web API that allows authenticated users to read arbitrary files from the server filesystem through the restoreconfigfrombackup endpoint. The vulnerability...

CVSS 6.5 · EPSS 0.00458
Exploits: 0 · References: 2

Cvelist
added 2025/08/19 5:46 p.m. · 13 views

CVE-2025-55295 qBit Manage Path Traversal Vulnerability

qBit Manage is a tool that helps manage tedious tasks in qBittorrent and automate them. A path traversal vulnerability exists in qbitmanage's web API that allows authenticated users to read arbitrary files from the server filesystem through the restoreconfigfrombackup endpoint. The vulnerability...

CVSS 6.5 · EPSS 0.00458
Exploits: 0 · References: 2