Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-8742

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-27 Jan, 2020 | 17:29
Updated At-06 Aug, 2024 | 13:26
Rejected At-
Credits

Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:27 Jan, 2020 | 17:29
Updated At:06 Aug, 2024 | 13:26
Rejected At:
▼CVE Numbering Authority (CNA)

Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.zerodayinitiative.com/advisories/ZDI-14-411/
x_refsource_MISC
http://support.lexmark.com/index?page=content&id=TE666
x_refsource_CONFIRM
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-14-411/
Resource:
x_refsource_MISC
Hyperlink: http://support.lexmark.com/index?page=content&id=TE666
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.zerodayinitiative.com/advisories/ZDI-14-411/
x_refsource_MISC
x_transferred
http://support.lexmark.com/index?page=content&id=TE666
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-14-411/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://support.lexmark.com/index?page=content&id=TE666
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:27 Jan, 2020 | 18:15
Updated At:29 Jan, 2020 | 20:17

Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:C/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:N
CPE Matches
Lexmark International, Inc.
lexmark
>>markvision_enterprise>>Versions before 2.1(exclusive)
cpe:2.3:a:lexmark:markvision_enterprise:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://support.lexmark.com/index?page=content&id=TE666cve@mitre.org
Not Applicable
http://www.zerodayinitiative.com/advisories/ZDI-14-411/cve@mitre.org
Third Party Advisory
VDB Entry
Hyperlink: http://support.lexmark.com/index?page=content&id=TE666
Source: cve@mitre.org
Resource:
Not Applicable
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-14-411/
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

1167Records found
CVE-2018-18894
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.44%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 12:50
Updated-05 Aug, 2024 | 11:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-ms812de_firmwarex74x_firmwarex65xmx611_firmwaremx510_firmwarem3150_firmwarecx510c95xxs478ms810demx611mx410c748c748_firmwarem5155_firmwarex86x_firmwarexc2132_firmwarex95x_firmwarecx510_firmwaremx6500emx71x_firmwarecx410_firmwaremx510xm1145mx81xxs548_firmwarecs796xc2132mx6500e_firmwarems91x_firmwaremx81x_firmwarex925x792_firmwarexs925_firmwarems610dtexs79x_firmwarexm1145_firmwarex73x_firmwarecs748_firmwarec925_firmwarem3150c95x_firmwarem5170xs925xm3150ms810de_firmwarems610dexm51xx_firmwarex548_firmwaremx610_firmwarecs41xm5163cs41x_firmwarecs51xxm3150_firmwarexm51xxx548x73xcx410ms610dte_firmwarem5163_firmwarec79x_firmwarem5170_firmwaresm91x_firmwarem5155ms812dex86xc79xxm71xxms91x6500exs478_firmwarec925cs796_firmwaresm91xxs95xmx410_firmwarex95xxm71xx_firmwarexs79x6500e_firmwarex792mx91x_firmwarex74xcs51x_firmwarexs95x_firmwaremx71xmx610cs748mx511x65x_firmwarex46x_firmwarexs548x925_firmwaremx511_firmwarex46xmx91xms610de_firmwaren/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-16758
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-18.84% / 95.35%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 17:56
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-services_monitorservices_monitor_firmwaren/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-40239
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.37%
||
7 Day CHG~0.00%
Published-01 Sep, 2023 | 00:00
Updated-01 Oct, 2024 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-ms812de_firmwarem1145_firmwarexm1140xm5170xm7163ms812dn_firmwarecx510mx911cs517_firmwarems711_firmwarexm7170_firmwarexm9165_firmwarems810dnms810dn_firmwarems415_firmwaremx717_firmwarem5163dn_firmwarecs417cx510_firmwarecs417_firmwarecx410_firmwaremx510xm1145cs410_firmwarexm5170_firmwarems610dnxm5270ms610dn_firmwarem3150de_firmwarecs510xm7163_firmwarems810de_firmwarems315xm3150_firmwaremx617xm7270_firmwarecx410mx711_firmwaremx812xm5163m5170_firmwaremx810_firmwarexm7263mx317_firmwarecx317_firmwarecs517ms415cx310mx711xm1135_firmwaremx410_firmwarems817_firmwarecs317_firmwaremx310mx718_firmwarems812dnmx710ms417ms817mx910_firmwaremx710_firmwarec2132_firmwarecx417ms811mx912_firmwarems911_firmwarexm5270_firmwarem3150decx517_firmwarexm9145ms317cs510_firmwarems310_firmwarecs410ms517_firmwarems911cx517mx611_firmwarems410_firmwaremx812_firmwaremx910ms711xm5263mx510_firmwarexm5263_firmwarems317_firmwaremx811_firmwaremx517_firmwarem3150dn_firmwarexm7155_firmwaremx317ms810dem5163demx517mx611mx410ms410m1140_firmwarem5155_firmwarems811_firmwarexc2132_firmwarexm9165ms818_firmwarecx310_firmwarems517cs310xc2132ms312_firmwarem1140\+ms617_firmwarexm9155_firmwarexm1145_firmwaremx717xc2130ms617m5170ms312xm1135xm3150ms610dems710_firmwarem1140ms710mx610_firmwarexm7270cs310_firmwarem3150dnms510_firmwarems417_firmwaremx718xm9145_firmwaremx417_firmwarexm1140_firmwarexm7155m5155mx912xm5163_firmwaremx811ms812dems510mx810m5163de_firmwarem1145xc2130_firmwarexm7263_firmwarem5163dnmx911_firmwarems818m1140\+_firmwarexm9155ms310xm7170mx310_firmwaremx617_firmwarems315_firmwarec2132mx610mx511cx317mx511_firmwarecx417_firmwarecs317mx417ms610de_firmwaren/acs310
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2011-3269
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.68%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 18:11
Updated-06 Aug, 2024 | 23:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-x736_firmwarex850e250x792dee330t644x950_firmwaree232c540x36xx546_firmwaree460_firmwarec534_firmwarex734x264c520_firmwarex945e_firmwarex954_firmwaree234c524_firmwarec760x544_firmwaret440e260x736x548de_firmwarex854_firmwarec520x850_firmwarex264_firmwarec510_firmwaret650_firmwarex952_firmwarec920e120x34xx952x544t654x782e_firmwarex792de_firmwarec532_firmwarex650t640_firmwaree460c772c736_firmwaret652_firmwaree340t650e240_firmwarec925dec789x646_firmwarec770_firmwarec534c522e360e120_firmwarex862t644_firmwarec782_firmwarec760_firmwaree240nw850e450e360_firmwarec734x772e_firmwarex860x422_firmwarec950x954t656_firmwaret652x738x422t656x940e_firmwarec925de_firmwarec734_firmwarec510x945ex46x_firmwarex782ee462_firmwarec532w840_firmwarex46xc540_firmwarex34x_firmwarec530c530_firmwarex940ee330_firmwarec792ew850_firmwarex642x772ee232_firmwarec782x546e340_firmwarex738_firmwarec770t642_firmwaree234n_firmwarex548det654_firmware25xxn_firmwaret642c950_firmwaree234_firmwarex925dee332nx650_firmwarex854x864_firmwaree240n_firmwaree234n25xxnx852_firmwarec792e_firmwarex543_firmwaree230_firmwarec522_firmwarew840e238c546e332n_firmwaree342_firmwarec772_firmwaree240e250_firmwarec789_firmwarec546_firmwarec524c762_firmwarec920_firmwarex950x862_firmwarex864e230t640c935dn_firmwaree350_firmware6500ee342e238_firmwarex644x860_firmwarec762x543x642_firmware6500e_firmwarec736x36x_firmwaree350x852x734_firmwarec935dnx925de_firmwaret440_firmwaree450_firmwarex646e462e260_firmwarex644_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-22960
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-28.74% / 96.58%
||
7 Day CHG-32.51%
Published-23 Jan, 2023 | 00:00
Updated-02 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-xm7355_firmwarexc8163_firmwaremx321cx431_firmwaremx521_firmwarems823_firmwarecx923_firmwarecx860b2442_firmwaremx822mb2546ms826_firmwareb2442ms521_firmwarexm3142cs927xc6152_firmwaremx721ms826cx920mc2425m1242_firmwarec2326_firmwarexc4153_firmwarexc9335_firmwarems821ms822xc4342ms821_firmwaremx822_firmwarec2325xc4150_firmwarexm1246_firmwarecx923mx721_firmwarexm7355b2865cx622c4150_firmwarexc4240mc2640_firmwarecx820_firmwareb3340_firmwarecs439cx421_firmwaremx722xm1242_firmwaremx421mx722_firmwarecx924xc2235_firmwaremb2770xm3250_firmwarexc9445mx431xc9265_firmwaremx432_firmwarec2535_firmwaremx622c9235mc3326_firmwarexm7370cs331cx522_firmwaremc3224mx826cx860_firmwarexm7370_firmwarems622_firmwarecx725_firmwaremx421_firmwarecx825_firmwarexc8155c2326mc2535mc2325_firmwaremb2236xc2326cs827m1342mx321_firmwarecs421_firmwarexc8160cx924_firmwarecs921_firmwaremc3224_firmwarexc2235cs521mx522_firmwarexm1246mb2236_firmwarecx727ms321_firmwareb2236_firmwarems621xc4140c3326b2650xm3142_firmwarexc9455_firmwarecx727_firmwarecs820_firmwarexc4143ms825mb2650_firmwarecx944_firmwarexc9445_firmwarems825_firmwarexc9235_firmwarexc9255_firmwarexc8155_firmwareb3340mx931_firmwarems431xc9245_firmwarecx421b2236ms321cs725xc4352xc9255cs725_firmwarems331_firmwarems431_firmwarecx820cs728_firmwarexc9245xc8160_firmwarecx825xc6153_firmwarems823mc2535_firmwarecs923_firmwaremb3442cs622cx622_firmwarecx431b2650_firmwaremx826_firmwarecx921_firmwarec3326_firmwarexc4140_firmwaremc3426_firmwarecs727_firmwarems622xm3250cx922mx521cx725xc4153c6160_firmwaremb2442mx931xm1342_firmwarexc4352_firmwaremb2650c2240_firmwarecx522xc6152xc9335xc9465mb3442_firmwarexc4150b3442m5255_firmwarecs927_firmwarexm5365mx331xm1342b2865_firmwareb2338cx625_firmwarem5255mb2338_firmwarecs720cx921cs827_firmwarexc4240_firmwarecs521_firmwarec6160cs431_firmwarexc9455xm5365_firmwarec2425xc6153c3426cs923m3250_firmwaremx622_firmwarem3250cs431m1342_firmwarexc9465_firmwarec2425_firmwarem5270_firmwarecs439_firmwarems822_firmwarecx944ms725xc8163mc2325b2546ms331m1246_firmwarecx922_firmwaremx331_firmwarexc9235xm1242mb2442_firmwarecs820ms621_firmwarecs728cs421cs622_firmwarec9235_firmwaremb2546_firmwaremc2640cx331xc9225c3224_firmwarem5270mx432b3442_firmwaremx522cs331_firmwarecx331_firmwaremc2425_firmwarecx625c2240cx920_firmwaremc3326mx431_firmwarems421xc9265cs921c3224cs727ms725_firmwarems421_firmwaremb2770_firmwaremc3426m1246xc4143_firmwarec2535b2338_firmwaremb2338xc2326_firmwarexc9225_firmwarec2325_firmwarexc4342_firmwarem1242cs720_firmwareb2546_firmwarec4150ms521c3426_firmwaren/a
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-44737
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.85% / 74.95%
||
7 Day CHG~0.00%
Published-20 Jan, 2022 | 16:04
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-xc8155ms812de_firmwarem1145_firmwarex65xxm7370mc2640_firmwarex950_firmwaremc2535ms823mb3442cs517_firmwaremb2236_firmwareb2236_firmwarexm7170_firmwaremx826c746cs521xm9165_firmwaremx717_firmwarems415_firmwarexm3250_firmwarem5163dn_firmwarexc6153cs417cx510_firmwarexc9245_firmwaremx421_firmwaremx510xm1145cx922_firmwarecs827_firmwarecs827ms822mx6500e_firmwareb2546xm5365_firmwarems821_firmwareb3340xm5270m3150de_firmwarecs748_firmwarexc9255cs510xm1242x952_firmwaremb2650_firmwarex952ms826_firmwarem1246_firmwaremx722_firmwarecs923mx321c9235c736_firmwarexm3150_firmwaremx617xm7270_firmwaremx711_firmwarecx860mx822_firmwarecs421_firmwarecx421_firmwarecs517xs950cs720w850c2325_firmwarec734c2535mx711cs820mx410_firmwarec4150ms817_firmwaremc2535_firmwarec950mx310x954cs728_firmwarec2325ms812dnmx710xc4143c2240b2546_firmwaremx910_firmwarems822_firmwarec3426_firmwarecx921_firmwarexc8160c3224_firmwaremb2770x65x_firmwarexc4143_firmwarexm5270_firmwarex46xmx431xm3250xm9145cx517_firmwarecs510_firmwarems321_firmwarexc9225ms911b2865_firmwarecs421ms410_firmwaremx812_firmwaremx910xm5263mx510_firmwarexm5263_firmwarems317_firmwaremx522_firmwarecx727_firmwarecx924_firmwarexm7155_firmwaremx622mx317c792b2865mb2770_firmwaremx611mx410ms410ms331m1140_firmwaremb2442xc2132_firmwarexc4140_firmwarecx725ms818_firmwaremc3224_firmwarecx310_firmwarecs725_firmwarexs795cx820_firmwarec2425mb2546cs796xm5365xc2132x925xs925_firmwarems617_firmwarexm9155_firmwarexm1145_firmwarex73x_firmwarec2240_firmwarems622_firmwaremx717cx921ms617xm1135xm3150ms610dems710_firmwarems823_firmwaremx610_firmwarexm7270c3426cs310_firmwaree46xxm7355_firmwarems510_firmwarecs622xm7355m3250mx718ms621_firmwarems621x548mx417_firmwaremx522cx331_firmwarecx622_firmwarexm1140_firmwareb2338m5155mx811xc4150mx421b2650x748_firmwaremx810m5163de_firmwarecx860_firmwarem1145xs798ms725m1246ms818mc3224m1140\+_firmwarec736ms310mc3426mx310_firmwarems825mx617_firmwarecs921_firmwarec2132cx825x746cx924mx610t65x_firmwareb2236mx721x925_firmwarecx725_firmwarecx431xc9265_firmwarems431cx622cs317cs720_firmwaremx611_firmwarexm1242_firmwarems610de_firmwarecs725xm1140mx331_firmwarexc4240mx321_firmwarecs927_firmwarexm5170xm7163xm1246ms812dn_firmwarexs795_firmwarexc9245mx911cx510mb2442_firmwarexc6153_firmwarems521ms711_firmwarexs796mx331ms810dncx431_firmwarems810dn_firmwarec748e46x_firmwarex954_firmwarex748xc4153xs950_firmwarexc4240_firmwarecs417_firmwarecx410_firmwarexc6152cx331xc8160_firmwarecx727mc3326_firmwaremc2640cs410_firmwarecs921xm5170_firmwarex792_firmwarexc4140ms610dnmb2236xc8155_firmwareb2650_firmwarems610dn_firmwarecx522b3442c925_firmwarec746_firmwarec2326c792_firmwarexs925cx421xm7163_firmwarems810de_firmwarems315x548_firmwaremb2338_firmwarec2326_firmwarecs727_firmwarem5270_firmwarec6160_firmwarexc8163_firmwarem1342c3224xs955_firmwarecx920_firmwarecx410xc4150_firmwaremx812c3326_firmwarem5170_firmwarexm5163mx810_firmwarexm7263cx625mx317_firmwarems725_firmwarecx317_firmwarems415cx825_firmwarecs796_firmwarecx310xm1135_firmwarecs431cs317_firmwarexs796_firmwarems821xm1246_firmwaremc2425mx718_firmwarecs820_firmwaremx722ms417mx622_firmwarec734_firmwarems817mx822ms825_firmwaremx710_firmwarexc2326m5255cs748m5255_firmwarems811x46x_firmwaremx912_firmwarec2132_firmwarexc2235_firmwarems911_firmwarexs748m3150demb2650c3326ms317cs331m5270cs521_firmwarems310_firmwarems517_firmwarecs410cx923_firmwarecx517w850_firmwarems421ms711mx811_firmwaremx517_firmwarem3150dn_firmwarecs622_firmwarems810demx826_firmwarem5163demx517x746_firmwarec4150_firmwarec748_firmwarexm1342_firmwarems811_firmwaremc2325cs927x86x_firmwarem5155_firmwarexm9165c950_firmwaremx6500exc4153_firmwarecx920mc3326xm7370_firmwarexs548_firmwarems517cs310ms431_firmwarecx820ms312_firmwaremx521m1140\+cs431_firmwarec2425_firmwarems321b2338_firmwarecs331_firmwarexs955xc2130m1242cx923m1242_firmwaremc2425_firmwarems312m5170cs439m1140ms710xs748_firmwarexc6152_firmwarem3150dncx522_firmwarec2535_firmwarems417_firmwarec9235_firmwarexc9225_firmwaremx431_firmwarex950m1342_firmwarex73xxm9145_firmwareb2442xm7155mx912xm5163_firmwarems812dex86xxc2235xc9255_firmwarems510c61606500exs798_firmwarems331_firmwarems521_firmwarecx922m3250_firmwarec925xc8163xm1342ms826xc2130_firmwarexm7263_firmwareb3340_firmwarecs728b3442_firmwarexc9265m5163dnxc9235mx911_firmwarecs439_firmwarexc9235_firmware6500e_firmwarecx625_firmwarexm9155x792mb3442_firmwarexm7170mb2546_firmwareb2442_firmwarems315_firmwarecs923_firmwaremb2338mc2325_firmwaremx511xs548cx317mx721_firmwarexc2326_firmwaremx511_firmwarems421_firmwarecs727ms622cx417_firmwaremx521_firmwaremc3426_firmwaremx417t65xn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-9375
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-1.47% / 81.09%
||
7 Day CHG~0.00%
Published-16 Feb, 2015 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-markvision_enterprisen/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-8741
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-70.35% / 98.71%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 17:29
Updated-06 Aug, 2024 | 13:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-markvision_enterprisen/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-29050
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.71% / 72.29%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 06:02
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.

Action-Not Available
Vendor-sphinxsearchn/aDebian GNU/Linux
Product-debian_linuxsphinxn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-29134
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-20.33% / 95.57%
||
7 Day CHG~0.00%
Published-05 Mar, 2021 | 15:50
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4

Action-Not Available
Vendor-totvsn/a
Product-fluign/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-6118
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.05%
||
7 Day CHG~0.00%
Published-23 Nov, 2023 | 14:24
Updated-02 Dec, 2024 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path Traversal in Neutron IP Camera

Path Traversal: '/../filedir' vulnerability in Neutron IP Camera allows Absolute Path Traversal.This issue affects IP Camera: before b1130.1.0.1.

Action-Not Available
Vendor-neutronNeutron
Product-ntl-ip05-3mp_firmwarentl-pt-10-4gwos-3mpntl-pt-10-4gwos-3mp_firmwareipc2624-sr3-npf-36ipc2224-sr3-npf-36ntl-bc-03-snpntl-pt-09-wos-3mpneu-ipb210-28_firmwarentl-pt-09-wos-3mp_firmwareipc2624-sr3-npf-36_firmwarentl-bc-03-snmntl-bc-01wneu-ipb210-28ntl-bc01-m_firmwarentl-bc01-mneu-ipdm221neu-ipbm211_firmwareneu-ipdm421ntl-bc-03-snm_firmwarentl-pt-06wod-3mpntl-ip05-3mpneu-ipb410-28neu-ipd220-28_firmwareneu-ipb410-28_firmwarentl-bc-01w_firmwarentl-bc-03-snp_firmwareneu-ipdm221_firmwareneu-ipd220-28ipc2224-sr3-npf-36_firmwareneu-ipbm411_firmwareneu-ipdm421_firmwareneu-ipbm211neu-ipbm411ntl-pt-06wod-3mp_firmwareIP Camera
CWE ID-CWE-25
Path Traversal: '/../filedir'
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-3452
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-94.45% / 99.99%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 20:00
Updated-28 Oct, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asa_5580asa_5512-xasa_5505firepower_threat_defenseasa_5515-xasa_5540asa_5520asa_5550asa_5585-xasa_5545-xadaptive_security_appliance_softwareasa_5510asa_5555-xasa_5525-xCisco Adaptive Security Appliance (ASA) SoftwareAdaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-6252
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.69%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 13:45
Updated-02 Aug, 2024 | 08:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path traversal vulnerability in Chameleon Power products

Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files.

Action-Not Available
Vendor-hyphensolutionsChameleon Power
Product-chameleon_powerChameleon Power
CWE ID-CWE-35
Path Traversal: '.../...//'
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-28993
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.23% / 94.20%
||
7 Day CHG~0.00%
Published-01 Dec, 2020 | 15:04
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Successful exploitation of this vulnerability would allow an unauthenticated attacker to retrieve administrator credentials by sending a malicious POST request.

Action-Not Available
Vendor-atxn/a
Product-minicmts200a_firmwareminicmts200an/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-29166
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.01% / 77.24%
||
7 Day CHG~0.00%
Published-03 Feb, 2021 | 12:27
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure.

Action-Not Available
Vendor-rainbowfishsoftwaren/a
Product-pacsone_servern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-29529
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.14%
||
7 Day CHG~0.00%
Published-03 Dec, 2020 | 19:04
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.

Action-Not Available
Vendor-n/aHashiCorp, Inc.
Product-go-slugn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-35362
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.64%
||
7 Day CHG~0.00%
Published-26 Dec, 2020 | 05:19
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct fileOrgName value).

Action-Not Available
Vendor-dext5n/a
Product-dext5uploadn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-35284
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.64%
||
7 Day CHG~0.00%
Published-26 Dec, 2020 | 05:31
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product's source code is available.

Action-Not Available
Vendor-flamingoim_projectn/a
Product-flamingoimn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-27859
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.5||HIGH
EPSS-4.38% / 89.04%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 19:35
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetEuaLogDownloadAction class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-9607.

Action-Not Available
Vendor-NEC Corporation
Product-esmpro_managerESMPRO Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-6294
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.75%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 16:06
Updated-24 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
popup-builder < 4.2.6 - Admin+ SSRF & File Read

The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations.

Action-Not Available
Vendor-sygnoosUnknownpopup_builder
Product-popup_builderPopup Builderpopup_builder
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-27467
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-87.31% / 99.46%
||
7 Day CHG+1.17%
Published-22 Feb, 2022 | 20:59
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php.

Action-Not Available
Vendor-processwiren/a
Product-processwiren/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-6021
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-87.32% / 99.46%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 16:11
Updated-27 Nov, 2024 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ray Log File Local File Include

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023

Action-Not Available
Vendor-ray_projectray-project
Product-rayray-project/ray
CWE ID-CWE-29
Path Traversal: '\..\filename'
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-6023
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.6||HIGH
EPSS-47.94% / 97.74%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 16:03
Updated-02 Aug, 2024 | 08:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ModelDB Local File Include

An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter.

Action-Not Available
Vendor-vertaaivertaai
Product-modeldbvertaai/modeldb
CWE ID-CWE-29
Path Traversal: '\..\filename'
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-35745
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.62% / 70.12%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 16:32
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Strategery Migrations plugin <= 1.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Gabriel Somoza / Joseph Fitzgibbons Strategery Migrations allows Path Traversal, File Manipulation.This issue affects Strategery Migrations: from n/a through 1.0.

Action-Not Available
Vendor-strategery-migrations_projectGabriel Somoza / Joseph Fitzgibbons
Product-strategery-migrationsStrategery Migrations
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-12637
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-93.44% / 99.82%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-22 Apr, 2026 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-04-09||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.

Action-Not Available
Vendor-n/aSAP SE
Product-netweaver_application_server_javan/aNetWeaver
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-27553
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 58.54%
||
7 Day CHG~0.00%
Published-17 Nov, 2020 | 14:23
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option “DocumentRoot /etc“. This allows an attacker with network access to the web-server to download any files from the “/etc” folder without authentication. No path traversal sequences are needed to exploit this vulnerability.

Action-Not Available
Vendor-basetechn/a
Product-ge-131_bt-1837836_firmwarege-131_bt-1837836n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-6015
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-10||CRITICAL
EPSS-0.77% / 73.56%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 16:06
Updated-02 Aug, 2024 | 08:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MLflow Arbitrary File Upload

MLflow allowed arbitrary files to be PUT onto the server.

Action-Not Available
Vendor-lfprojectsmlflow
Product-mlflowmlflow/mlflow
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-47850
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.31% / 54.16%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-02 Feb, 2026 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mini Mouse 9.2.0 - Path Traversal

Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directories such as C:\Users\Public by manipulating file and path parameters.

Action-Not Available
Vendor-yodinfoYodinfo
Product-mini_mouseMini Mouse
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-47849
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.04% / 13.08%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-02 Feb, 2026 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mini Mouse 9.3.0 - Local File inclusion / Path Traversal

Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in API requests.

Action-Not Available
Vendor-yodinfoYodinfo
Product-mini_mouseMini Mouse
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-1557
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-28.89% / 96.60%
||
7 Day CHG+0.82%
Published-26 Feb, 2026 | 01:24
Updated-08 Apr, 2026 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Responsive Images <= 1.0 - Unauthenticated Path Traversal to Arbitrary File Read via src

The WP Responsive Images plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0 via the 'src' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Action-Not Available
Vendor-stuartbates
Product-WP Responsive Images
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-0847
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.6||HIGH
EPSS-0.08% / 23.32%
||
7 Day CHG~0.00%
Published-04 Mar, 2026 | 18:25
Updated-28 Apr, 2026 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path Traversal in nltk/nltk

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling attackers to traverse directories and access sensitive files on the server. This issue is particularly critical in scenarios where user-controlled file inputs are processed, such as in machine learning APIs, chatbots, or NLP pipelines. Exploitation of this vulnerability can lead to unauthorized access to sensitive files, including system files, SSH private keys, and API tokens, and may potentially escalate to remote code execution when combined with other vulnerabilities.

Action-Not Available
Vendor-nltknltk
Product-nltknltk/nltk
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-24571
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-92.42% / 99.74%
||
7 Day CHG~0.00%
Published-21 Aug, 2020 | 03:05
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal.

Action-Not Available
Vendor-nexusdbn/a
Product-nexusdbn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-2504
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.35% / 57.38%
||
7 Day CHG~0.00%
Published-24 Dec, 2020 | 01:39
Updated-17 Sep, 2024 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Absolute path traversal vulnerability in QES

If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qesQES
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-73
External Control of File Name or Path
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-20
Improper Input Validation
CVE-2021-46381
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-91.15% / 99.66%
||
7 Day CHG~0.00%
Published-04 Mar, 2022 | 15:24
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dap-1620_firmwaredap-1620n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-1143
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 52.28%
||
7 Day CHG~0.00%
Published-27 Feb, 2007 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.

Action-Not Available
Vendor-jeunes-webmastersn/a
Product-j-web_pics_navigatorn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-24625
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-0.42% / 62.14%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 12:41
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.

Action-Not Available
Vendor-n/aHewlett Packard Enterprise (HPE)
Product-utility_computing_service_meterHPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-8876
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 50.33%
||
7 Day CHG~0.00%
Published-15 Sep, 2024 | 22:00
Updated-20 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
xiaohe4966 TpMeCMS lang path traversal

A vulnerability, which was classified as problematic, has been found in xiaohe4966 TpMeCMS up to 1.3.3.1. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.3.2 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-xiaohe4966xiaohe4966xiaohe4966
Product-tpmecmsTpMeCMStpmecms
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-25248
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 59.12%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 02:20
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter.

Action-Not Available
Vendor-hylandn/a
Product-onbasen/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-25780
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-57.28% / 98.16%
||
7 Day CHG-6.09%
Published-29 Oct, 2020 | 16:08
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instead view a file outside of the log-files folder.

Action-Not Available
Vendor-n/aCommvault Systems, Inc.
Product-commcelln/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-46104
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-19.88% / 95.50%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 12:26
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability that can read arbitrary file information on the server.

Action-Not Available
Vendor-webpn/a
Product-webp_server_gon/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-24368
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.23% / 84.64%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 14:25
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2.

Action-Not Available
Vendor-icingan/aDebian GNU/LinuxSUSE
Product-package_hublinux_enterprisedebian_linuxicinga_web_2n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-25623
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.93% / 76.28%
||
7 Day CHG~0.00%
Published-02 Oct, 2020 | 12:00
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used.

Action-Not Available
Vendor-erlangn/a
Product-erlang\/otpn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-46856
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.91%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosEMUIHarmonyOS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-53772
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.88% / 75.53%
||
7 Day CHG-0.09%
Published-09 Dec, 2025 | 20:55
Updated-07 Apr, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MiniDVBLinux 5.4 Arbitrary File Read Vulnerability via About Page

MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device.

Action-Not Available
Vendor-minidvblinuxMiniDVBLinux
Product-minidvblinuxMiniDVBLinux
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-45712
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 65.32%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:46
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode.

Action-Not Available
Vendor-rust-embed_projectn/a
Product-rust-embedn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-25032
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.90% / 75.75%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 03:57
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

Action-Not Available
Vendor-flask-cors_projectn/aDebian GNU/LinuxopenSUSE
Product-flask-corsdebian_linuxbackports_sleleapn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-24990
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.92% / 88.39%
||
7 Day CHG~0.00%
Published-28 Oct, 2020 | 18:49
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version.

Action-Not Available
Vendor-qscn/a
Product-q-sys_core_managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-45746
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 65.00%
||
7 Day CHG~0.00%
Published-23 Feb, 2022 | 20:29
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Directory Traversal vulnerability exists in WeBankPartners wecube-platform 3.2.1 via the file variable in PluginPackageController.java.

Action-Not Available
Vendor-webankn/a
Product-wecuben/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-46420
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.25% / 87.22%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 10:37
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information.

Action-Not Available
Vendor-franklinfuelingn/a
Product-ts-550_evots-550_evo_firmwaren/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-24624
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-0.42% / 62.14%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 12:41
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.

Action-Not Available
Vendor-n/aHewlett Packard Enterprise (HPE)
Product-utility_computing_service_meterHPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 23
  • 24
  • Next
Details not found