Lucene search
+L

93 matches found

OSV
OSV
added 2025/07/23 6:33 a.m.7 views

GHSA-3R3J-4VRW-884J files-bucket-server vulnerable to Directory Traversal

All versions of the package files-bucket-server are vulnerable to Directory Traversal, where an attacker can traverse the file system and access files outside of the intended directory...

8.7CVSS6.8AI score0.00755EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/07/21 9:30 a.m.9 views

CVE-2025-49656 Apache Jena: Administrative users can create files outside the server directory space via the admin UI

Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue...

0.01401EPSS
Exploits0References1
CVE
CVE
added 2025/01/30 8:17 p.m.61 views

CVE-2025-0573

CVE-2025-0573 concerns the Sante PACS Server, where the vulnerability lies in the DCM file parsing that fails to validate a user-supplied path before file operations. This directory traversal can allow an unauthenticated, remote attacker to write arbitrary files on the server, running with the cu...

5.3CVSS5.3AI score0.01795EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/25 12:0 a.m.4 views

PT-2024-41081 · Spring · Spring Framework

Name of the Vulnerable Software and Affected Versions: Spring Framework affected versions not specified Description: The issue is related to the org.springframework.web.multipart package of the Spring Web module in the Spring Framework, which is associated with incorrect restriction of the path...

7.8CVSS7AI score
Exploits0References2
OSV
OSV
added 2024/11/19 5:15 p.m.3 views

CVE-2024-48071

E-cology has a directory traversal vulnerability. An attacker can exploit this vulnerability to delete the server directory, causing the server to permanently deny service...

6.5CVSS5.8AI score0.00843EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/11/05 12:0 a.m.13 views

The vulnerability of the OPC server WorkstationST, related to incorrect restrictions on the path name to the directory, allows a hacker to gain access to the server’s directory.

The vulnerability of the OPC server WorkstationST is related to an incorrect limitation on the path name to the directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to the server’s directory...

9.7CVSS5.5AI score
Exploits0References1Affected Software1
OSV
OSV
added 2024/01/18 3:15 p.m.5 views

CVE-2023-40051

This issue affects Progress Application Server PAS for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system...

9.9CVSS5.8AI score0.00557EPSS
Exploits0References2
NVD
NVD
added 2024/01/18 3:15 p.m.27 views

CVE-2023-40051

This issue affects Progress Application Server PAS for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system...

9.9CVSS9.3AI score0.00557EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/01/18 12:0 a.m.5 views

PT-2024-12836 · Progress · Progress Application Server (Pas) For Openedge

Name of the Vulnerable Software and Affected Versions: Progress Application Server PAS for OpenEdge versions 11.7 prior to 11.7.18 Progress Application Server PAS for OpenEdge versions 12.2 prior to 12.2.13 Progress Application Server PAS for OpenEdge innovation releases prior to 12.8.0...

9.9CVSS9.4AI score0.00557EPSS
Exploits0References11
wpexploit
wpexploit
added 2023/12/04 12:0 a.m.312 views

Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure

Description The plugin does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to...

7.5CVSS8.8AI score0.30894EPSS
Exploits5References1
CNNVD
CNNVD
added 2023/06/05 12:0 a.m.5 views

Emoncms 安全漏洞

Emoncms is an open source web application. The program is primarily used to process, record and display energy, temperature and other environmental data. A security vulnerability exists in Emoncms v11 and earlier versions, which stems from the presence of an information disclosure vulnerability...

5.3CVSS5.7AI score0.00456EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/05/25 12:0 a.m.8 views

TIBCO Software EBX 路径遍历漏洞

TIBCO Software EBX is a software from TIBCO Software, Inc. that supports integration to manage enterprise data assets. A security vulnerability exists in TIBCO Software EBX version 4.5.16 and prior versions that could allow an attacker to upload files to a directory accessible from a web server...

9.1CVSS7AI score0.00755EPSS
Exploits0References2
OSV
OSV
added 2023/04/26 6:15 p.m.6 views

CVE-2023-29268

The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s...

9.8CVSS7.4AI score0.01032EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/04/26 5:24 p.m.27 views

CVE-2023-29268 TIBCO Spotfire Statistics Services Unrestricted File Upload Vulnerability

The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s...

9.8CVSS9.7AI score0.01032EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/04/26 12:0 a.m.7 views

PT-2023-3159 · Tibco Software · Tibco Spotfire Statistics Services

Name of the Vulnerable Software and Affected Versions: TIBCO Spotfire Statistics Services versions 11.4.10 and below TIBCO Spotfire Statistics Services versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, 12.0.2, 12.1.0, 12.2.0 Description: The Splus Server component o...

9.8CVSS7.7AI score0.01032EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/04/26 12:0 a.m.6 views

TIBCO Software Spotfire Statistics Services 代码问题漏洞

TIBCO Software Spotfire Statistics Services is a comprehensive library of statistics and data algorithms based on the TERR engine or other engines from TIBCO Software, USA. A security vulnerability exists in TIBCO Software Spotfire Statistics Services, which originates in the Splus Server compone...

9.8CVSS8.6AI score0.01032EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/02/22 6:21 p.m.14 views

CVE-2023-25579 Directory traversal in Nextcloud server

Nextcloud server is a self hosted home cloud product. In affected versions the OC\Files\Node\Folder::getFullPath function was validating and normalizing the string in the wrong order. The function is used in the newFile and newFolder items, which may allow to creation of paths outside of ones own...

6CVSS6.7AI score0.00505EPSS
Exploits0References2
OSV
OSV
added 2022/12/28 12:30 a.m.28 views

GHSA-VP56-R7QV-783V ahh vulnerable to Path Traversal

Due to improper santization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...

7.5CVSS7.3AI score0.01143EPSS
Exploits0References6
NVD
NVD
added 2022/08/18 7:15 p.m.22 views

CVE-2022-37422

Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded...

7.5CVSS0.01065EPSS
Exploits0References2
OSV
OSV
added 2022/07/18 1:15 p.m.4 views

CVE-2022-35404

ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine...

8.2CVSS7.3AI score0.02733EPSS
Exploits0References2
Rows per page
Query Builder