Export limit exceeded: 347361 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9002 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-29087 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2025-01-14 | 7.5 High |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors. | ||||
| CVE-2017-5753 | 14 Arm, Canonical, Debian and 11 more | 396 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 393 more | 2025-01-14 | 5.6 Medium |
| Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||||
| CVE-2021-29088 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 7.8 High |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2022-27618 | 1 Synology | 2 Diskstation Manager, Storage Analyzer | 2025-01-14 | 6.8 Medium |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors. | ||||
| CVE-2022-27620 | 1 Synology | 2 Diskstation Manager, Sso Server | 2025-01-14 | 6.8 Medium |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
| CVE-2022-27621 | 1 Synology | 2 Diskstation Manager, Usb Copy | 2025-01-14 | 5.5 Medium |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors. | ||||
| CVE-2022-27617 | 1 Synology | 2 Calendar, Diskstation Manager | 2025-01-14 | 5 Medium |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors. | ||||
| CVE-2022-22679 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 6.5 Medium |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors. | ||||
| CVE-2022-24629 | 1 Audiocodes | 1 Device Manager Express | 2025-01-14 | 9.8 Critical |
| An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodes_files/ajax/. | ||||
| CVE-2021-27825 | 1 Mercurycom | 2 Mac1200r, Mac1200r Firmware | 2025-01-14 | 7.5 High |
| A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-static/ URL. | ||||
| CVE-2023-28344 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-14 | 7.1 High |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application allows unauthenticated attackers to view constantly updated screenshots of student desktops and to submit falsified screenshots on behalf of students. Attackers are able to view screenshots of student desktops without their consent. These screenshots may potentially contain sensitive/personal data. Attackers can also rapidly submit falsified images, hiding the actual contents of student desktops from the Teacher Console. | ||||
| CVE-2022-47526 | 1 Fox-it | 2 Fox Datadiode, Fox Datadiode Firmware | 2025-01-14 | 9.8 Critical |
| Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path traversal vulnerability with resultant arbitrary writing of files. A remote attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the downstream node user. Exploitation of this issue does not require user interaction. | ||||
| CVE-2022-24632 | 1 Audiocodes | 1 Device Manager Express | 2025-01-14 | 5.3 Medium |
| An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter. | ||||
| CVE-2023-29380 | 1 Linuxmint | 1 Warpinator | 2025-01-13 | 7.5 High |
| Warpinator before 1.6.0 allows remote file deletion via directory traversal in top_dir_basenames. | ||||
| CVE-2024-56442 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | 5.5 Medium |
| Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2022-36243 | 1 Shopbeat | 1 Shop Beat Media Player | 2025-01-13 | 5.3 Medium |
| Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in "studio" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm. | ||||
| CVE-2023-30196 | 1 Webbax | 1 Salesbooster | 2025-01-13 | 7.5 High |
| Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Control via modules/salesbooster/downloads/download.php. | ||||
| CVE-2023-52953 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | 6.2 Medium |
| Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | ||||
| CVE-2022-47595 | 1 Codecabin | 1 Wp Go Maps | 2025-01-13 | 4.9 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Go Maps (formerly WP Google Maps) plugin <= 9.0.15 versions. | ||||
| CVE-2024-10005 | 1 Hashicorp | 1 Consul | 2025-01-10 | 8.1 High |
| A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules. | ||||