Total: 8266 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-34645 | 1 Jflyfox | 1 Jfinal Cms | 2024-12-17 | N/A | 7.5 HIGH | jfinal CMS 5.1.0 has an arbitrary file read vulnerability. |
| CVE-2023-42791 | 1 Fortinet | 1 Fortimanager | 2024-12-16 | N/A | 8.8 HIGH | A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows an attacker to execute unauthorized code or commands via crafted HTTP requests. |
| CVE-2024-55970 | | | 2024-12-16 | N/A | 7.5 HIGH | File Manager in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 has a traversal issue that is related to the request parameter, aka I644734. |
| CVE-2024-36362 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | N/A | 6.5 MEDIUM | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a path traversal allowing files to be read from the server was possible. |
| CVE-2024-54380 | | | 2024-12-16 | N/A | 7.5 HIGH | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Filippo Bodei WP Cookies Enabler allows PHP Local File Inclusion. This issue affects WP Cookies Enabler: from n/a through 1.0.1. |
| CVE-2024-54375 | | | 2024-12-16 | N/A | 7.5 HIGH | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Taieb Woolook allows PHP Local File Inclusion. This issue affects Woolook: from n/a through 1.7.0. |
| CVE-2024-54374 | | | 2024-12-16 | N/A | 7.5 HIGH | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Taieb Sogrid allows PHP Local File Inclusion. This issue affects Sogrid: from n/a through 1.5.6. |
| CVE-2024-54373 | | | 2024-12-16 | N/A | 7.5 HIGH | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chris Gårdenberg, MultiNet Interactive AB EduAdmin Booking allows PHP Local File Inclusion. This issue affects EduAdmin Booking: from n/a through 5.2.0. |
| CVE-2024-12482 | 1 Cjbi | 1 Wetech-cms | 2024-12-13 | 4.0 MEDIUM | 4.3 MEDIUM | A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been rated as problematic. Affected by this issue is the function backup of the file wetech-cms-master\wetech-basic-common\src\main\java\tech\wetech\basic\util\BackupFileUtil.java of the component Database Backup Handler. The manipulation of the argument name leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about ... |
| CVE-2024-54259 | | | 2024-12-13 | N/A | 6.5 MEDIUM | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DELUCKS GmbH DELUCKS SEO allows Path Traversal. This issue affects DELUCKS SEO: from n/a through 2.5.5. |
| CVE-2024-2434 | 1 Gitlab | 1 Gitlab | 2024-12-12 | N/A | 8.5 HIGH | An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read. |
| CVE-2024-55587 | | | 2024-12-12 | N/A | 8.8 HIGH | python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract. |
| CVE-2024-27821 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-12-12 | N/A | 4.7 MEDIUM | A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A shortcut may output sensitive user data without consent. |
| CVE-2024-27810 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-12 | N/A | 5.5 MEDIUM | A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to read sensitive location information. |
| CVE-2023-35844 | 1 Lightdash | 1 Lightdash | 2024-12-12 | N/A | 7.5 HIGH | packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used. |
| CVE-2023-35843 | 1 Nocodb | 1 Nocodb | 2024-12-12 | N/A | 7.5 HIGH | NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information. |
| CVE-2023-35840 | 1 Std42 | 1 Elfinder | 2024-12-12 | N/A | 6.5 MEDIUM | _joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector. |
| CVE-2024-53523 | | | 2024-12-11 | N/A | 7.5 HIGH | JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable to Directory Traversal in the find_by_file function. |
| CVE-2024-53490 | | | 2024-12-11 | N/A | 7.5 HIGH | Favorites-web 1.3.0 favorites-web has a directory traversal vulnerability in SecurityFilter.java. |
| CVE-2023-50955 | 1 Ibm | 1 Infosphere Information Server | 2024-12-10 | N/A | 2.4 LOW | IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777. |
| CVE-2024-46909 | 1 Progress | 1 Whatsup Gold | 2024-12-10 | N/A | 9.8 CRITICAL | In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. |
| CVE-2024-11010 | | | 2024-12-10 | N/A | 7.2 HIGH | The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary JavaScript files on the server, allowing the execution of any JavaScript code in those files. This can be used to bypass access controls, obtain sensitive data, or achie ... |
| CVE-2024-27827 | 1 Apple | 1 Macos | 2024-12-09 | N/A | 5.5 MEDIUM | This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.5. An app may be able to read arbitrary files. |
| CVE-2024-53790 | | | 2024-12-09 | N/A | 7.5 HIGH | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ogun Labs Lenxel Core for Lenxel(LNX) LMS. This issue affects Lenxel Core for Lenxel(LNX) LMS: from n/a through 1.2.5. |
| CVE-2024-10516 | | | 2024-12-06 | N/A | 8.1 HIGH | The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. |
| CVE-2023-5189 | 1 Redhat | 2 Ansible Automation Platform, Satellite | 2024-12-06 | N/A | 6.3 MEDIUM | A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten. |
| CVE-2023-5115 | 2 Debian, Redhat | 5 Debian Linux, Ansible Automation Platform, Ansible Developer and 2 more | 2024-12-06 | N/A | 6.3 MEDIUM | An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path. |
| CVE-2024-11585 | | | 2024-12-06 | N/A | 7.5 HIGH | The WP Hide & Security Enhancer plugin for WordPress is vulnerable to arbitrary file contents deletion due to a missing authorization and insufficient file path validation in the file-process.php in all versions up to, and including, 2.5.1. This makes it possible for unauthenticated attackers to delete the contents of arbitrary files on the server, which can break the site or lead to data loss. |
| CVE-2024-11664 | 1 Enms | 1 Enms | 2024-12-04 | 9.0 HIGH | 8.8 HIGH | A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Affected by this issue is the function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 22b0b443acca740fc83b5544165c1f53eff3f529. It is recommended to apply a patch to fix this issue. |
| CVE-2024-54132 | | | 2024-12-04 | N/A | N/A | The GitHub CLI is GitHub's official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerability stems from a GitHub Actions workflow artifact named .. when downloaded using gh run download. The artifact name and --dir flag are used to determine the artifact's download path. When the artifact is named .., the ... |
| CVE-2024-11952 | | | 2024-12-04 | N/A | 7.5 HIGH | The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions granted by an Administrator, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or ... |
| CVE-2024-21400 | 1 Microsoft | 1 Confidential Containers | 2024-11-29 | N/A | 9.0 CRITICAL | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
| CVE-2024-11992 | | | 2024-11-29 | N/A | 9.1 CRITICAL | Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could allow remote users to bypass the intended restrictions and download any file if it has the appropriate permissions outside of documentroot configured on the server via the aDirFiles%5B0%5D parameter in the admin.php page. This vulnerability allows an attacker to delete files stored on the server due to a lack of proper verification of user-supplied input. |
| CVE-2024-46939 | | | 2024-11-28 | N/A | N/A | The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite specific local files. |
| CVE-2024-52787 | | | 2024-11-27 | N/A | 9.1 CRITICAL | An issue in the upload_documents method of libre-chat v0.0.6 allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file. |
| CVE-2023-6190 | 1 Ikcu | 1 University Information Management System | 2024-11-27 | N/A | 9.8 CRITICAL | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal. This issue affects University Information Management System: before 30.11.2023. |
| CVE-2024-53844 | | | 2024-11-26 | N/A | 6.3 MEDIUM | E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in `RestExportService.java`. This vulnerability allows an attacker to access sensitive files on the server by manipulating the `botFilename` parameter in requests. The application fails to sanitize user input, enabling malicious inputs such as `..%2f..%2fetc%2fpasswd` to access arbitrary files. However, the ... |
| CVE-2024-20379 | 1 Cisco | 2 Firepower Management Center, Secure Firewall Management Center | 2024-11-26 | N/A | 6.5 MEDIUM | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successf ... |
| CVE-2019-12691 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | 4.0 MEDIUM | 4.9 MEDIUM | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to bypass Cisco FMC Soft ... |
| CVE-2020-3550 | 1 Cisco | 2 Firepower Threat Defense, Secure Firewall Management Center | 2024-11-26 | 5.5 MEDIUM | 8.1 HIGH | A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a relative path in specific sfmgr commands. An exploit could allow the attacker to read or write arbitrary files on an s ... |