Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with dire
A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously craf
Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter
A path traversal vulnerability exists in RIPS Scanner version 0.54. The vulnerability allows remote attackers to read arbitrary files on the system with the privileges of the web server by sending cra
All versions of the package files-bucket-server are vulnerable to Directory Traversal where an attacker can traverse the file system and access files outside of the intended directory.
An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request.
Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0 allows a remote attacker to execute arbitrary code via a crafted script to the MobileFormatter component.
Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad te
Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.
A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypass
Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Lo
A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containin
Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensiti
A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server (versions 6.3.54.0, 6.3.53.2, and all prior versions) allows an authenticated attacker with permissions
Directory Traversal vulnerability in xmind2testcase v.1.5 allows a remote attacker to execute arbitrary code via the webtool\application.py component.
Directory Traversal vulnerability in yeqifu carRental v.1.0 allows a remote attacker to obtain sensitive information via the file/downloadFile.action?path= component.
A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configuration and web root directories, achieving remote
An authenticated Path Traversal vulnerability exists in Instant AOS-8 and AOS-10. Successful exploitation of this vulnerability allows an attacker to copy arbitrary files to a user readable location f
A CWE-35 "Path Traversal" in the template download mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP req
Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the download_dir() function that allows a rogue or compromised remote Windows server to write files outside
Page 1+ Next →