CentralSquare CryWolf - Path Traversal

A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf False Alarm Management through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information. id: CVE-2024-45241 info:...

CVE-2026-46337

WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from incomplete DACL validation in the functions buildsecdesc and idmodetocifsacl. This vulnerability...

PT-2026-21625

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 Description ImageMagick is software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the path security policy is enforced...

CVE-2007-4043

file.cgi in Secure Computing SecurityReporter aka Network Security Analyzer before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files...

CVE-2025-67174

A local file inclusion LFI vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the adminlanguagefile and defaultpagelanguagefile in the admin.php component...

GHSA-67JC-HMVG-Q4C7 NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook

NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service...

CVE-2024-45241

A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf False Alarm Management through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information...

CVE-2024-55970

File Manager in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 has a traversal issue that is related to the request parameter, aka I644734...

CVE-2024-45241

A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf False Alarm Management through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information...

CVE-2024-33274

Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php...

CVE-2024-2083 Directory Traversal in zenml-io/zenml

A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The...

Artica Proxy 4.40 / 4.50 Local File Inclusion / Traversal Vulnerability

Title: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability Advisory ID: KL-001-2024-001 Publication Date: 2024.03.05 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt 1. Vulnerability Details Affected Vendor: Artica Affected Product: Artica Proxy Affecte...

Path traversal

AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK f...

CVE-2021-36471

Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs. Note: AdminLTE developers dispute that this a weakness with AdminLTE and is instead a misconfiguration error on...

CVE-2022-24840 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in django-s3file

django-s3file is a lightweight file upload input for Django and Amazon S3 . In versions prior to 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the AWSLOCATION setting was set, traversal was limited to that location only. The issue was...

uWSGI Directory Traversal vulnerability

uWSGI before 2.0.17 mishandles a DOCUMENTROOT check during use of the --php-docroot option, allowing directory traversal...

CVE-2020-25176

Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer IXL protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated...

OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal Vulnerability

OX App Suite and OX Documents suffer from cross site scripting, code injection, path traversal, and input validation vulnerabilities. Most of these issues affect 7.10.5 and below with one affecting 7.10.4 and below. Product: OX App Suite, OX Documents Vendor: OX Software GmbH Internal reference:...

CVE-2021-32674

Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL...