An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet F…

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed vers…

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI comman…

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 bef…

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A …

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1,…

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administra…

Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-bet…

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The …

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6…

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An …

A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version …

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that wou…

Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an atta…

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attack…

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution aft…

Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older un…

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZI…

<p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that a…

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <…

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP …

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Softwa…

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to …

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vul…

The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1…

Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9…

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker …

A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023…

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read parti…

The Apache Web Server (httpd) specific code that normalised the requested path before matching …

Microsoft Exchange Server Remote Code Execution Vulnerability

Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauth…

This external control of file name or path vulnerability allows remote attackers to access or m…

ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC serv…

Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's f…

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal v…

Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system…

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion M…

TVT NVMS-1000 devices allow GET /.. Directory Traversal

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in…