CVE & Exploit Intelligence Database

Updated 5h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,847 CVEs tracked | 53,242 with exploits | 4,725 exploited in wild | 1,540 CISA KEV | 3,918 Nuclei templates | 37,802 vendors | 42,493 researchers
370 results
CVE-2025-53609 4.9 MEDIUM EPSS 0.00
FortiWeb <7.6.4-7.2.11-7.0.11 - Path Traversal
A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests.
CWE-23 Sep 09, 2025
CVE-2025-58752 5.3 MEDIUM 1 Writeup EPSS 0.00
Vite <7.1.5, 7.0.7, 6.3.6, 5.4.20 - Info Disclosure
Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or server.host config option) and use `appType: 'spa'` (default) or `appType: 'mpa'` are affected. This vulnerability also affects the preview server. The preview server allowed HTML files not under the output directory to be served. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.
CWE-284 Sep 08, 2025
CVE-2025-25048 6.5 MEDIUM EPSS 0.00
IBM Jazz Foundation <7.0.2-7.1.0 - Privilege Escalation
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory.
CWE-23 Sep 04, 2025
CVE-2025-55748 7.5 HIGH EXPLOITED 1 Writeup NUCLEI EPSS 0.01
XWiki Platform <16.10.6 - Info Disclosure
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URLs such as `http://localhost:8080/bin/ssx/Main/WebHome?resource=../../WEB-INF/xwiki.cfg&minify=false`. This is fixed in version 16.10.7.
CWE-23 Sep 03, 2025
CVE-2025-55747 9.1 CRITICAL EXPLOITED 1 Writeup NUCLEI EPSS 0.02
XWiki Platform <16.10.6 - Info Disclosure
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. This is fixed in version 16.10.7.
CWE-23 Sep 03, 2025
CVE-2025-9570 4.9 MEDIUM EPSS 0.00
eHRD CTMS - Path Traversal
The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote attackers with administrator privileges to exploit Relative Path Traversal to download arbitrary system files.
CWE-23 Sep 01, 2025
CVE-2025-55202 5.3 MEDIUM 1 Writeup EPSS 0.00
Opencast <18.0 - Path Traversal
Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases. The path is checked without checking for the file separator. This could allow attackers access to files within another folder which starts with the same path. This issue has been fixed in versions 17.7 and 18.1. To mitigate this issue, check for folders that start with the same path as the ui-config folder.
CWE-23 Aug 29, 2025
CVE-2025-9639 7.5 HIGH EPSS 0.00
QbiCRMGateway - Path Traversal
The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
CWE-23 Aug 29, 2025
CVE-2021-4459 6.5 MEDIUM EPSS 0.00
Sunny Boy - Info Disclosure
An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices.
CWE-23 Aug 27, 2025
CVE-2025-8464 5.3 MEDIUM EPSS 0.01
Contact Form 7 <1.3.9.0 - Path Traversal
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.3.9.0 via the wpcf7_guest_user_id cookie. This makes it possible for unauthenticated attackers to upload and delete files outside of the originally intended directory. The impact of this vulnerability is limited, as file types are validated and only safe ones can be uploaded, while deletion is limited to the plugin's uploads folder.
CWE-23 Aug 16, 2025
CVE-2024-48892 6.8 MEDIUM EPSS 0.00
Fortinet Fortisoar < 7.5.2 - Path Traversal
A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack.
CWE-23 Aug 12, 2025
CVE-2024-40588 4.4 MEDIUM EPSS 0.00
Fortinet FortiCamera <all> - Path Traversal
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.6, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiRecorder 6.4 all versions, FortiVoice 7.0.0 through 7.0.3, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.
CWE-23 Aug 12, 2025
CVE-2025-53779 7.2 HIGH 2 PoCs Analysis EPSS 0.00
Windows Kerberos - Privilege Escalation
Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
CWE-23 Aug 12, 2025
CVE-2025-55013 4.2 MEDIUM 1 Writeup EPSS 0.00
Assemblyline 4 <4.6.1.dev138 - Path Traversal
The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client (task_handler.py) accepts a SHA-256 value returned by the service server and uses it directly as a local file name. A malicious or compromised server (or any MITM that can speak to the client) can return a path-traversal payload such as `../../../etc/cron.d/evil` and force the client to write the downloaded bytes to an arbitrary location on disk. This is fixed in version 4.6.1.dev138.
CWE-23 Aug 09, 2025
CVE-2025-51052 6.5 MEDIUM 1 Writeup EPSS 0.00
Vedo Suite <2024.17 - Path Traversal
A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_vedo/template'.
CWE-23 Aug 06, 2025
CVE-2025-53082 6.1 MEDIUM EPSS 0.00
Samsung Data Management Server Firmware < 2.3.13.1 - Path Traversal
An 'Arbitrary File Deletion' in Samsung DMS (Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
CWE-23 Jul 29, 2025
CVE-2025-54531 7.7 HIGH EPSS 0.00
Jetbrains Teamcity < 2025.07 - Path Traversal
In JetBrains TeamCity before 2025.07, path traversal was possible via plugin unpacking on Windows.
CWE-23 Jul 28, 2025
CVE-2025-54317 8.4 HIGH EPSS 0.00
Logpoint <7.6.0 - Path Traversal
An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template, which can lead to remote code execution (RCE).
CWE-23 Jul 20, 2025
CVE-2025-46002 6.5 MEDIUM 1 PoC Analysis EPSS 0.01
Simogeo Filemanager < 2.0.0 - Path Traversal
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint.
CWE-23 Jul 18, 2025
CVE-2025-7619 8.8 HIGH EPSS 0.01
BatchSignCS - Path Traversal
BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary code execution.
CWE-23 Jul 14, 2025