Low
CVSS: 2.3
A relative path traversal vulnerability has been reported to affect Download Station. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We…
Medium
CVSS: 4.3
Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled…
High
CVSS: 7.5
Relative Path Traversal vulnerability in Apache Tomcat.
The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that re…
Medium
CVSS: 6.3
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary…
Medium
CVSS: 6.3
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary…
High
CVSS: 8.3
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary…
High
CVSS: 8.6
A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version
4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine whe…
High
CVSS: 8.2
A relative path traversal vulnerability was discovered in Productivity Suite software version
4.4.1.19.
The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitrar…
High
CVSS: 8.3
A relative path traversal vulnerability was discovered in Productivity Suite software version
4.4.1.19.
The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files…
High
CVSS: 8.7
Agentflow developed by Flowring has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
Medium
CVSS: 6.5
The Slider Revolution plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions in all versions up to, and including, 6.7.37. This makes it possible for authent…
Low
CVSS: 2.9
In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux (media file pathnames are not necessarily relative to the media folder).
High
CVSS: 8.6
LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not…
Low
CVSS: 3.1
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory tr…
Medium
CVSS: 6.4
nncp before 8.12.0 allows path traversal (for reading or writing) during freqing and file saving via a crafted path in packet data.
High
CVSS: 7.7
esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a Local File Inclusion (LFI) issue was identified in the esm.sh service URL handling. An attacker could craft a request that causes the server…
Medium
CVSS: 5.5
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload
Critical
CVSS: 9.3
A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potent…
High
CVSS: 8.5
Relative path traversal vulnerability due to improper input validation in Digilent WaveForms that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .DWF3WORK file…
High
CVSS: 8.6
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. The `/image` API endpoint in Tautulli v2.15.3 and earlier is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the ap…