Search Results (9563 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-70084 1 Opensatkit 1 Opensatkit 2026-02-17 7.5 High
Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtil_GetFileInfo function.
CVE-2025-59056 2 Freepbx, Sangoma 2 Freepbx, Freepbx 2026-02-13 7.5 High
FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause the uninstall function to be triggered for certain modules. This function drops the module's database tables, which is where most modules store their configuration. This vulnerability is fixed in 15.0.38, 16.0.41, and 17.0.21.
CVE-2022-45969 1 Alistgo 1 Alist 2026-02-13 9.8 Critical
Alist v3.4.0 is vulnerable to Directory Traversal,
CVE-2025-25652 1 Eptura 1 Archibus 2026-02-13 7.5 High
In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal.
CVE-2025-62449 1 Microsoft 3 Github Copilot Chat, Visual Studio, Visual Studio Code Copilot Chat Extension 2026-02-13 6.8 Medium
Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.
CVE-2025-30387 1 Microsoft 1 Azure Ai Document Intelligence Studio 2026-02-13 9.8 Critical
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-53793 1 Microsoft 4 Azure Stack Hub, Azure Stack Hub 2406, Azure Stack Hub 2408 and 1 more 2026-02-13 7.5 High
Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network.
CVE-2025-54162 2 Qnap, Qnap Systems 2 File Station, File Station 5 2026-02-12 4.9 Medium
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5068 and later
CVE-2025-62853 2 Qnap, Qnap Systems 2 File Station, File Station 5 2026-02-12 6.5 Medium
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later
CVE-2025-62855 2 Qnap, Qnap Systems 2 File Station, File Station 5 2026-02-12 4.4 Medium
A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later
CVE-2025-62856 2 Qnap, Qnap Systems 2 File Station, File Station 5 2026-02-12 4.4 Medium
A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later
CVE-2025-66278 2 Qnap, Qnap Systems 2 File Station, File Station 5 2026-02-12 6.5 Medium
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later
CVE-2025-58470 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 6.5 Medium
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-68406 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 6.5 Medium
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-3722 1 Trellix 1 System Information Reporter 2026-02-11 4.4 Medium
A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue malicious ePO post requests to System Information Reporter, leading to creation of files anywhere on the filesystem and possibly overwriting existing files and exposing sensitive information disclosure.
CVE-2025-27022 1 Nokia 2 G42, G42 Firmware 2026-02-11 7.5 High
A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download all OS files via HTTP requests. Details: Lack or insufficient validation of user-supplied input allows authenticated users to access all files on the target machine file system that are readable to the user account used to run the httpd service.
CVE-2025-63372 2 Articentgroup, Microsoft 2 Zip Rar Extractor Tool, Windows 2026-02-11 4.3 Medium
Articentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents.
CVE-2025-69620 2 Moo Chan Song, Ntoolslab 2 Moo Chan Song, Office Reader 2026-02-11 5 Medium
A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage.
CVE-2025-22873 2 Go Standard Library, Golang 2 Os, Go 2026-02-10 3.8 Low
It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.
CVE-2025-69601 1 Altumcode 1 66biolinks 2026-02-09 6.5 Medium
A directory traversal (Zip Slip) vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences (e.g., ../) in ZIP entries to write files outside the intended extraction directory. This allows static files (html, js, css, images) file write to unintended locations, or overwriting existing HTML files, potentially leading to content defacement and, in certain deployments, further impact if sensitive files are overwritten.