CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

432 matches found

Cisco Unified Communications Manager 7/8/9 - Directory Traversal

A directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815 id: CVE-2013-5528 info: name:...

8.1CVSS7.4AI score0.88559EPSS

Exploits22References4

Nuclei•added yesterday•62 views

JFinalCMS v5.0.0 - Directory Traversal

An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. id: CVE-2023-41599 info: name: JFinalCMS v5.0.0 - Directory Traversal author: pussycat0x severity: medium description: | An issue in the component /common/DownController.ja...

5.3CVSS6.1AI score0.11215EPSS

Exploits1References5

Nuclei•added yesterday•71 views

Essential Blocks < 4.4.3 - Local File Inclusion

Wordpress Essential Blocks plugin prior to 4.4.3 was discovered to be vulnerable to a significant Local File Inclusion vulnerability that may be exploited by any attacker, regardless of whether they have an account on the site. id: CVE-2023-6623 info: name: Essential Blocks 4.4.3 - Local File...

9.8CVSS7.2AI score0.50673EPSS

Exploits2References3

Nuclei•added yesterday•140 views

qdPM 9.2 - Directory Traversal

qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI. id: CVE-2023-45855 info: name: qdPM 9.2 - Directory Traversal author: DhiyaneshDk severity: high description: | qdPM 9.2 allows Directory Traversal to list files and directories by navigating to t...

7.5CVSS7.1AI score0.0333EPSS

Exploits1References3

Nuclei•added yesterday•17 views

DOMOS 5.5 - Local File Inclusion

SECUDOS DOMOS before 5.6 allows local file inclusion via the log module. id: CVE-2019-18665 info: name: DOMOS 5.5 - Local File Inclusion author: 0xAkoko severity: high description: | SECUDOS DOMOS before 5.6 allows local file inclusion via the log module. impact: | Successful exploitation of this...

7.5CVSS7.1AI score0.14855EPSS

Exploits0References5

Nuclei•added yesterday•16 views

Joomla! Component User Status - Local File Inclusion

A directory traversal vulnerability in userstatus.php in the User Status comuserstatus component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1304 info: name: Joomla! Component User Status - Local File...

5CVSS6AI score0.14041EPSS

Exploits1References5

Nuclei•added yesterday•18 views

Joomla! Component Juke Box 1.7 - Local File Inclusion

A directory traversal vulnerability in the JOOFORGE Jutebox comjukebox component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1352 info: name: Joomla! Component Juke Box 1.7 - Local File Inclusion...

5CVSS6AI score0.13598EPSS

Exploits2References4

Nuclei•added yesterday•23 views

Schools Alert Management Script - Arbitrary File Read

Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal. id: CVE-2018-12054 info: name: Schools Alert Management Script - Arbitrary File Read author: wisnupramoedya severity: high description: Schools Alert...

7.5CVSS7.2AI score0.39391EPSS

Exploits4References5

Nuclei•added yesterday•21 views

Joomla! Component Love Factory 1.3.4 - Local File Inclusion

A directory traversal vulnerability in the Love Factory comlovefactory component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1957 info: name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion...

7.5CVSS6AI score0.14847EPSS

Exploits1References5

Nuclei•added yesterday•94 views

Sharp Multifunction Printers - Directory Listing

It was observed that Sharp printers are vulnerable to an arbitrary directory listing without authentication. Any attacker can list any directory located in the printer and recover any file. id: CVE-2024-33605 info: name: Sharp Multifunction Printers - Directory Listing author: gy741 severity: hig...

7.5CVSS7.4AI score0.06226EPSS

Exploits1References3

Nuclei•added yesterday•119 views

Gitblit 1.9.3 - Local File Inclusion

Gitblit 1.9.3 is vulnerable to local file inclusion via /resources//../ e.g., followed by a WEB-INF or META-INF pathname. id: CVE-2022-31268 info: name: Gitblit 1.9.3 - Local File Inclusion author: 0xAkoko severity: high description: | Gitblit 1.9.3 is vulnerable to local file inclusion via...

7.5CVSS7.1AI score0.09601EPSS

Exploits1References5

Nuclei•added yesterday•31 views

Solara <1.35.1 - Local File Inclusion

A Local File Inclusion LFI vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. ...

8.6CVSS7.4AI score0.02884EPSS

Exploits0References3

Nuclei•added yesterday•14 views

Tyto Sahi pro 7.x/8.x - Local File Inclusion

Tyto Sahi Pro versions through 7.x.x and 8.0.0 are susceptible to a local file inclusion vulnerability in the web reports module which can allow an outside attacker to view contents of sensitive files. id: CVE-2018-20470 info: name: Tyto Sahi pro 7.x/8.x - Local File Inclusion author: daffainfo...

7.5CVSS7.1AI score0.45974EPSS

Exploits6References4

Nuclei•added 2026/06/16 7:13 a.m.•45 views

Pulse Connect Secure SSL VPN Arbitrary File Read

Pulse Secure Pulse Connect Secure PCS 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 all contain an arbitrary file reading vulnerability that could allow unauthenticated remote attackers to send a specially crafted URI to gain improper access. id: CVE-2019-11510 info: name: Pulse...

10CVSS8.8AI score0.99999EPSS

Exploits22References5

Nuclei•added 2026/06/16 7:13 a.m.•200 views

TVT NVMS 1000 - Local File Inclusion

TVT NVMS-1000 devices allow GET /.. local file inclusion attacks. id: CVE-2019-20085 info: name: TVT NVMS 1000 - Local File Inclusion author: daffainfo severity: high description: | TVT NVMS-1000 devices allow GET /.. local file inclusion attacks. impact: | An attacker can exploit this...

7.5CVSS7.5AI score0.96071EPSS

Exploits6References5

Packet Storm•added 2026/03/05 12:0 a.m.•105 views

📄 basic-ftp downloadToDir() Path Traversal

basic-ftp versions prior to 5.2.0 suffer from a path traversal vulnerability in downloadToDir. ============================================================================================================================================= | Title : basic-ftp prior to version 5.2.0 Path Traversal in...

5.9AI score

Exploits0

RedhatCVE•added 2026/01/09 11:19 a.m.•5 views

CVE-2021-22720

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in C-Bus Toolkit V1.15.7 and prior that could allow a remote code execution when restoring a project...

7.2CVSS7.7AI score0.30534EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:58 a.m.•6 views

CVE-2020-7494

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XD which could cause malicious code execution when opening the project file...

7.8CVSS7.2AI score0.01347EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:8 a.m.•6 views

CVE-2024-2602

CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor...

7.8CVSS7.6AI score0.00281EPSS

Exploits0References1