CWE-27
22 CVEs classified under CWE-27. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-50254 | Critical | 9.3 | 2023-12-22 | Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads… |
| CVE-2026-24457 | Critical | 9.1 | 2026-03-05 | An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unautho… |
| CVE-2024-51747 | Critical | 9.1 | 2024-11-11 | Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the se… |
| CVE-2025-10438 | High | 8.6 | 2025-09-25 | Path Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Yordam Kata… |
| CVE-2025-58761 | High | 8.6 | 2025-09-09 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. The `real_pms_image_proxy` endpoint in Tautulli v2.15.3 and prior is vulnerable… |
| CVE-2024-24809 | High | 8.5 | 2024-04-10 | Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Sinc… |
| CVE-2023-52076 | High | 8.5 | 2024-01-25 | Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists… |
| CVE-2024-20348 | High | 7.5 | 2024-04-03 | A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote a… |
| CVE-2023-27588 | High | 7.5 | 2023-03-14 | Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prio… |
| CVE-2022-24785 | High | 7.5 | 2022-04-04 | Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users o… |
| CVE-2021-35027 | High | 7.5 | 2021-09-29 | A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive inform… |
| CVE-2023-20090 | Medium | 6.7 | 2024-11-15 | A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This v… |
| CVE-2023-20131 | Medium | 6.5 | 2023-04-05 | Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow… |
| CVE-2023-20130 | Medium | 6.5 | 2023-04-05 | Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow… |
| CVE-2023-20129 | Medium | 6.5 | 2023-04-05 | Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow… |
| CVE-2023-20127 | Medium | 6.5 | 2023-04-05 | Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow… |
| CVE-2026-20018 | Medium | 5.9 | 2026-03-04 | A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software… |
| CVE-2024-7458 | Medium | 5.5 | 2024-08-04 | A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /ap… |
| CVE-2025-58292 | Low | 3.3 | 2025-10-11 | Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-66518 | | | 2026-01-05 | Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local… |