High
CVSS: 8.6
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. The `/image` API endpoint in Tautulli v2.15.3 and earlier is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the ap…
Medium
CVSS: 4.9
A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system…
Low
CVSS: 2.3
Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the `server.fs` settings. Only apps that explicitly expose the Vite dev server t…
Medium
CVSS: 6.5
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a…
Critical
CVSS: 9.3
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access a…
Critical
CVSS: 9.3
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. This is fixed in version 16.1…
Medium
CVSS: 6.9
The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote attackers with administrator privileges to exploit Relative Path Traversal to download arbitrary system files.
Low
CVSS: 2.7
Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, st…
High
CVSS: 8.7
The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
Medium
CVSS: 6.5
An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices.
Medium
CVSS: 5.3
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.3.9.0 via the wpcf7_guest_user_id cookie. This makes it possible for unauthenticated…
Medium
CVSS: 6.8
A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack.
Medium
CVSS: 4.4
Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0…
High
CVSS: 7.2
Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
Medium
CVSS: 4.2
The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client (task_handler.py) accepts a SHA-256 value ret…
Medium
CVSS: 6.5
A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_vedo/template'.
Medium
CVSS: 6.1
An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
High
CVSS: 7.7
In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows
High
CVSS: 8.4
An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template, which can lead to remote code execution (RCE).
Medium
CVSS: 6.5
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint.