Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-22 (对路径名的限制不恰当(路径遍历)) — Vulnerability Class 3352

3352 vulnerabilities classified as CWE-22 (对路径名的限制不恰当(路径遍历)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-42970 Directory Traversal vulnerability in SAPCAR — SAPCAR 5.8 Medium2025-07-08
CVE-2025-53375 Dokploy allows attackers to read any file that the Traefik process user can access — dokploy 8.8AIHighAI2025-07-07
CVE-2025-6806 Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability — QConvergeConsole 7.5AIHighAI2025-07-07
CVE-2025-6807 Marvell QConvergeConsole getDriverTmpPath Directory Traversal Information Disclosure Vulnerability — QConvergeConsole 7.5AIHighAI2025-07-07
CVE-2025-6795 Marvell QConvergeConsole getFileUploadSize Directory Traversal Information Disclosure Vulnerability — QConvergeConsole 7.5AIHighAI2025-07-07
CVE-2025-6794 Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability — QConvergeConsole 9.8AICriticalAI2025-07-07
CVE-2025-6801 Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability — QConvergeConsole 7.5AIHighAI2025-07-07
CVE-2025-6800 Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability — QConvergeConsole 7.5AIHighAI2025-07-07
CVE-2025-6799 Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability — QConvergeConsole 7.5AIHighAI2025-07-07
CVE-2025-6798 Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability — QConvergeConsole 9.1AICriticalAI2025-07-07
CVE-2025-6797 Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability — QConvergeConsole 7.5AIHighAI2025-07-07
CVE-2025-6805 Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability — QConvergeConsole 9.1AICriticalAI2025-07-07
CVE-2025-6796 Marvell QConvergeConsole getAppFileBytes Directory Traversal Information Disclosure Vulnerability — QConvergeConsole 7.5AIHighAI2025-07-07
CVE-2025-6793 Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability — QConvergeConsole 9.1AICriticalAI2025-07-07
CVE-2025-6804 Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability — QConvergeConsole 7.5AIHighAI2025-07-07
CVE-2025-6803 Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability — QConvergeConsole 7.5AIHighAI2025-07-07
CVE-2025-6210 Hardlink-Based Path Traversal in run-llama/llama_index — run-llama/llama_index 7.5 -2025-07-07
CVE-2025-3046 Path Traversal via Symbolic Links in run-llama/llama_index — run-llama/llama_index 5.3 -2025-07-07
CVE-2025-7108 risesoft-y9 Digital-Infrastructure Y9FileController.java deleteFile path traversal — Digital-Infrastructure 5.4 Medium2025-07-07
CVE-2025-7107 SimStudioAI sim route.ts handleLocalFile path traversal — sim 5.3 Medium2025-07-07
CVE-2025-7098 Comodo Internet Security Premium File Name path traversal — Internet Security Premium 5.6 Medium2025-07-06
CVE-2025-28980 WordPress Aviation Weather from NOAA plugin <= 0.7.2 - Arbitrary File Deletion Vulnerability — Aviation Weather from NOAA 7.7 High2025-07-04
CVE-2025-49303 WordPress Frontend Admin by DynamiApps plugin <= 3.28.7 - Arbitrary File Download Vulnerability — Frontend Admin by DynamiApps 6.8 Medium2025-07-04
CVE-2025-2932 JKDEVKIT <= 1.9.4 - Authenticated (Subscriber+) Arbitrary File Deletion — JKDEVKIT 8.8 High2025-07-03
CVE-2025-34076 Microweber CMS Authenticated Local File Inclusion via Backup API — CMS 8.1AIHighAI2025-07-02
CVE-2025-53358 kotaemon Vulnerable to Path Traversal via Link Upload — kotaemon 6.5 Medium2025-07-02
CVE-2025-53110 Model Context Protocol Servers Vulnerable to Path Validation Bypass via Colliding Path Prefix — servers 7.5AIHighAI2025-07-02
CVE-2025-4946 Vikinger <= 1.9.32 - Authenticated (Subscriber+) Arbitrary File Deletion via vikinger_delete_activity_media_ajax Function — Vikinger 8.1 High2025-07-02
CVE-2025-27022 Path Traversal Vulnerability in Infinera G42 — G42 7.5 High2025-07-02
CVE-2025-5014 Home Villas | Real Estate WordPress Theme <= 2.8 - Authenticated (Subscriber+) Arbitrary File Deletion — Home Villas | Real Estate WordPress Theme 8.8 High2025-07-02

Vulnerabilities classified as CWE-22 (对路径名的限制不恰当(路径遍历)) represent 3352 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.