2552 matches found
EUVD-2026-44551
ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope...
EUVD-2026-44549
ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope...
CVE-2026-48310
Adobe Experience Manager (AEM) is affected by an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal, CWE-22) vulnerability that could enable arbitrary file system read. The issue arises from an improper pathname restriction, allowing access to sensitive files outside the ...
CVE-2026-48359
Adobe Experience Manager is affected by an XML External Entity (XXE) vulnerability (CVE-2026-48359) due to improper restriction of XML External Entity references. It could allow a low-privileged attacker to read sensitive files and potentially gain elevated access or control, with arbitrary code ...
qdPM 9.2 - Directory Traversal
qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI. id: CVE-2023-45855 info: name: qdPM 9.2 - Directory Traversal author: DhiyaneshDk severity: high description: | qdPM 9.2 allows Directory Traversal to list files and directories by navigating to t...
VertaAI ModelDB - Path Traversal
The endpoint "/api/v1/artifact/getArtifact?artifactpath=" is vulnerable to path traversal. The main cause of this vulnerability is due to the lack of validation and sanitization of the artifactpath parameter. id: CVE-2023-6023 info: name: VertaAI ModelDB - Path Traversal author:...
Chuanhu Chat - Directory Traversal
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the webassets folder. However, the outdated version of gradio it employs is susceptible to pa...
Commvault CommCell - Local File Inclusion
CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13 are vulnerable to local file inclusion because an attacker can view a log file can instead view a file outside of the log-files folder. id: CVE-2020-25780 info: name: Commvault...
FHEM 6.0 - Local File Inclusion
FHEM version 6.0 suffers from a local file inclusion vulnerability. id: CVE-2020-19360 info: name: FHEM 6.0 - Local File Inclusion author: 0xAkoko severity: high description: FHEM version 6.0 suffers from a local file inclusion vulnerability. impact: | Successful exploitation of this vulnerabilit...
Traggo Server - Local File Inclusion
traggo/server version 0.3.0 is vulnerable to directory traversal. id: CVE-2023-34843 info: name: Traggo Server - Local File Inclusion author: DhiyaneshDk severity: high description: | traggo/server version 0.3.0 is vulnerable to directory traversal. impact: | Successful exploitation of this...
Vite Dev Server - Directory Traversal
Vite is a modern frontend build tool. In Vite prior to versions 6.4.3, 6.3.4, and 5.4.23, a directory traversal vulnerability affects the Vite development server. When the Vite dev server is launched with the --host or server.host option, an unauthenticated attacker can craft a request with a pat...
WordPress Plugin WP Content Source Control - Directory Traversal
A directory traversal vulnerability in the filegetcontents function in downloadfiles/download.php in the WP Content Source Control wp-source-control plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the path parameter. id: CVE-2014-5368 inf...
WordPress Mail Masta 1.0 - Local File Inclusion
WordPress Mail Masta 1.0 is susceptible to local file inclusion in countofsend.php and csvexport.php. id: CVE-2016-10956 info: name: WordPress Mail Masta 1.0 - Local File Inclusion author: daffainfo,0x240x23elu severity: high description: WordPress Mail Masta 1.0 is susceptible to local file...
VMware - Local File Inclusion
VMware Workspace ONE Access, Identity Manager, and Realize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access withou...
FlatnuX CMS - Directory Traversal
A path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action. id: CVE-2012-4878 info: name: FlatnuX CMS - Directory Traversal author: daffainfo severity:...
ionCube Tester Plus <= 1.3 - Local File Inclusion
The ionCube Tester Plus plugin for WordPress versions = 1.3 is vulnerable to unauthenticated arbitrary file read via path traversal. The 'ininame' parameter in loader-wizard.php is not properly sanitized, allowing attackers to read sensitive files such as wp-config.php and /etc/passwd without...
XWiki - Information Disclosure
XWiki 16.7.0 to 16.10.11, 17.4.4, and 17.7.0 using XJetty contains an information disclosure vulnerability caused by exposed context allowing static access to files in webapp/ folder, letting attackers access sensitive files, exploit requires use of XJetty package. id: CVE-2025-55749 info: name:...
Clustering Local File Inclusion
Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. id: CVE-2021-43496 inf...
WordPress Ninja Job Board < 1.3.3 - Direct Request
WordPress Ninja Job Board plugin prior to 1.3.3 is susceptible to a direct request vulnerability. The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated directory listing which allows the download of uploaded resumes. id: CVE-2022-2544...
Shirne CMS 1.2.0 - Local File Inclusion
Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php. id: CVE-2022-37299 info: name: Shirne CMS 1.2.0 - Local File Inclusion author: pikpikcu severity: medium description: Shirne CMS 1.2.0 is vulnerable to local file...