Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37902 | 2024-11-21 | N/A | 10.0 CRITICAL | ||
|
DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model Inference containers version 0.27.0. Users are advised to upgrade.
|
|||||
| CVE-2024-37825 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
|
An issue in EnvisionWare Computer Access & Reservation Control SelfCheck v1.0 (fixed in OneStop 3.2.0.27184 Hotfix May 2024) allows unauthenticated attackers on the same network to perform a directory traversal.
|
|||||
| CVE-2024-37520 | 1 Radiustheme | 1 Shopbuilder | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons allows Path Traversal.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through 2.1.12.
|
|||||
| CVE-2024-37513 | 1 Themewinter | 1 Wpcafe | 2024-11-21 | N/A | 8.5 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows Path Traversal.This issue affects WPCafe: from n/a through 2.2.27.
|
|||||
| CVE-2024-37501 | 2024-11-21 | N/A | 8.5 HIGH | ||
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PluginsWare Advanced Classifieds & Directory Pro allows Path Traversal.This issue affects Advanced Classifieds & Directory Pro: from n/a through 3.1.3.
|
|||||
| CVE-2024-37497 | 2024-11-21 | N/A | 7.7 HIGH | ||
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetThemeCore allows File Manipulation.This issue affects JetThemeCore: from n/a before 2.2.1.
|
|||||
| CVE-2024-37462 | 1 G5plus | 1 Ultimate Bootstrap Elements For Elementor | 2024-11-21 | N/A | 8.5 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows Path Traversal.This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.2.
|
|||||
| CVE-2024-37454 | 1 Awsm | 1 Awsm Team | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AWSM Innovations AWSM Team allows Path Traversal.This issue affects AWSM Team: from n/a through 1.3.1.
|
|||||
| CVE-2024-37437 | 1 Elementor | 1 Website Builder | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Cross-Site Scripting (XSS), Stored XSS.This issue affects Elementor Website Builder: from n/a through 3.22.1.
|
|||||
| CVE-2024-37419 | 1 Codeless | 1 Cowidgets | 2024-11-21 | N/A | 7.5 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Codeless Cowidgets – Elementor Addons allows Path Traversal.This issue affects Cowidgets – Elementor Addons: from n/a through 1.1.1.
|
|||||
| CVE-2024-37268 | 1 Kaptinlin | 1 Striking | 2024-11-21 | N/A | 8.5 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in kaptinlin Striking allows Path Traversal.This issue affects Striking: from n/a through 2.3.4.
|
|||||
| CVE-2024-37266 | 1 Themeum | 1 Tutor Lms | 2024-11-21 | N/A | 4.9 MEDIUM |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal.This issue affects Tutor LMS: from n/a through 2.7.1.
|
|||||
| CVE-2024-37224 | 1 Smartypantsplugins | 1 Sp Project \& Document Manager | 2024-11-21 | N/A | 7.5 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.71.
|
|||||
| CVE-2024-37169 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
|
@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol `http` or `https`. No known workarounds are available aside from upgrading.
|
|||||
| CVE-2024-37092 | 1 Stylemixthemes | 1 Consulting Elementor Widgets | 2024-11-21 | N/A | 8.5 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0.
|
|||||
| CVE-2024-37089 | 1 Stylemixthemes | 1 Consulting Elementor Widgets | 2024-11-21 | N/A | 9.0 CRITICAL |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0.
|
|||||
| CVE-2024-37037 | 1 Schneider-electric | 7 Sage 1410, Sage 1430, Sage 1450 and 4 more | 2024-11-21 | N/A | 8.1 HIGH |
|
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path
Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s
web interface to corrupt files and impact device functionality when sending a crafted HTTP
request.
|
|||||
| CVE-2024-36991 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2024-11-21 | N/A | 7.5 HIGH |
|
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
|
|||||
| CVE-2024-36527 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
|
puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.
|
|||||
| CVE-2024-36427 | 2024-11-21 | N/A | 8.1 HIGH | ||
|
The file-serving function in TARGIT Decision Suite before 24.06.19002 (TARGIT Decision Suite 2024 – June) allows authenticated attackers to read or write to server files via a crafted file request. This can allow code execution via a .xview file.
|
|||||
| CVE-2024-36418 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 8.5 HIGH |
|
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
|
|||||
| CVE-2024-36267 | 2024-11-21 | N/A | 8.1 HIGH | ||
|
Path traversal vulnerability exists in Redmine DMSF Plugin versions prior to 3.1.4. If this vulnerability is exploited, a logged-in user may obtain or delete arbitrary files on the server (within the privilege of the Redmine process).
|
|||||
| CVE-2024-36079 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
|
An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with an incorrect file name, and then download it.
|
|||||
| CVE-2024-36059 | 2024-11-21 | N/A | 9.4 CRITICAL | ||
|
Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart upto and including version 2.3.5 allows attackers to read/write arbitrary files via the IEC61850 File Transfer protocol.
|
|||||
| CVE-2024-35781 | 1 Back2nature | 1 Word Balloon | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YAHMAN Word Balloon allows PHP Local File Inclusion.This issue affects Word Balloon: from n/a through 4.21.1.
|
|||||
| CVE-2024-35778 | 1 Slideshow Se Project | 1 Slideshow Se | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE PHP Local File Inclusion.This issue affects Slideshow SE: from n/a through 2.5.17.
|
|||||
| CVE-2024-35754 | 1 Ovic Importer Project | 1 Ovic Importer | 2024-11-21 | N/A | 7.5 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ovic Team Ovic Importer allows Path Traversal.This issue affects Ovic Importer: from n/a through 1.6.3.
|
|||||
| CVE-2024-35745 | 1 Strategery-migrations Project | 1 Strategery-migrations | 2024-11-21 | N/A | 7.5 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Gabriel Somoza / Joseph Fitzgibbons Strategery Migrations allows Path Traversal, File Manipulation.This issue affects Strategery Migrations: from n/a through 1.0.
|
|||||
| CVE-2024-35744 | 1 Upunzipper Project | 1 Upunzipper | 2024-11-21 | N/A | 8.6 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation.This issue affects Upunzipper: from n/a through 1.0.0.
|
|||||
| CVE-2024-35743 | 1 Sc Filechecker Project | 1 Sc Filechecker | 2024-11-21 | N/A | 8.6 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation.This issue affects SC filechecker: from n/a through 0.6.
|
|||||
| CVE-2024-35712 | 1 Meowapps | 1 Database Cleaner | 2024-11-21 | N/A | 4.9 MEDIUM |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through 1.0.5.
|
|||||
| CVE-2024-35677 | 1 Stylemixthemes | 1 Mega Menu | 2024-11-21 | N/A | 9.0 CRITICAL |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through 2.3.12.
|
|||||
| CVE-2024-35658 | 1 Themehigh | 1 Checkout Field Editor For Woocommerce | 2024-11-21 | N/A | 8.6 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through 3.6.2.
|
|||||
| CVE-2024-35634 | 1 Wow-company | 1 Woocommerce - Recent Purchases | 2024-11-21 | N/A | 4.9 MEDIUM |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wow-Company Woocommerce – Recent Purchases allows PHP Local File Inclusion.This issue affects Woocommerce – Recent Purchases: from n/a through 1.0.1.
|
|||||
| CVE-2024-35474 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
|
A Directory Traversal vulnerability in iceice666 ResourcePack Server before v1.0.8 allows a remote attacker to disclose files on the server, via setPath in ResourcePackFileServer.kt.
|
|||||
| CVE-2024-35429 | 1 Zkteco | 1 Zkbio Cvsecurity | 2024-11-21 | N/A | 6.5 MEDIUM |
|
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord.
|
|||||
| CVE-2024-35219 | 2024-11-21 | N/A | 8.3 HIGH | ||
|
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option. The issue was fixed in version 7.6.0 by removing the usage of the `outputFolder` option. No ...
Show More |
|||||
| CVE-2024-35205 | 2024-11-21 | N/A | 7.8 HIGH | ||
|
The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a crafted library file, aiming to overwrite an existing native library utilized by WPS Office. Successful exploitation could result in the execution of arbitrary commands under the guise of WPS Office's application ID.
|
|||||
| CVE-2024-35162 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
|
Path traversal vulnerability exists in Download Plugins and Themes from Dashboard versions prior to 1.8.6. If this vulnerability is exploited, a remote authenticated attacker with "switch_themes" privilege may obtain arbitrary files on the server.
|
|||||
| CVE-2024-34832 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters.
|
|||||