Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-47558 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | N/A | 8.8 HIGH |
|
Authenticated RCE via Path Traversal
|
|||||
| CVE-2024-47556 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | N/A | 9.8 CRITICAL |
|
Pre-Auth RCE via Path Traversal
|
|||||
| CVE-2024-47557 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | N/A | 9.8 CRITICAL |
|
Pre-Auth RCE via Path Traversal
|
|||||
| CVE-2024-48914 | | | 2024-10-16 | N/A | 9.1 CRITICAL |
|
Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the server. In the same code path is an additional vector for crashing the server via a malformed URI. Patches are ava ...
|
|||||
| CVE-2024-47645 | | | 2024-10-16 | N/A | 7.5 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sajid Javed Top Bar – PopUps – by WPOptin allows PHP Local File Inclusion. This issue affects Top Bar – PopUps – by WPOptin: from n/a through 2.0.1.
|
|||||
| CVE-2024-47351 | | | 2024-10-16 | N/A | 7.5 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The CSSIgniter Team MaxSlider allows Path Traversal. This issue affects MaxSlider: from n/a through 1.2.3.
|
|||||
| CVE-2024-49245 | | | 2024-10-16 | N/A | 7.5 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ahime Ahime Image Printer. This issue affects Ahime Image Printer: from n/a through 1.0.0.
|
|||||
| CVE-2024-47841 | 1 Wikimedia | 1 Wikimedia-extensions-css | 2024-10-16 | N/A | 7.5 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal. This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9.
|
|||||
| CVE-2024-39406 | 1 Adobe | 2 Commerce, Magento | 2024-10-16 | N/A | 6.8 MEDIUM |
|
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.
|
|||||
| CVE-2024-9381 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2024-10-16 | N/A | 7.2 HIGH |
|
Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.
|
|||||
| CVE-2024-47011 | 1 Ivanti | 1 Avalanche | 2024-10-16 | N/A | 7.5 HIGH |
|
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information.
|
|||||
| CVE-2024-47010 | 1 Ivanti | 1 Avalanche | 2024-10-16 | N/A | 9.8 CRITICAL |
|
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
|
|||||
| CVE-2024-47009 | 1 Ivanti | 1 Avalanche | 2024-10-16 | N/A | 9.8 CRITICAL |
|
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
|
|||||
| CVE-2023-7260 | 1 Opentext | 1 Cx-e Voice | 2024-10-16 | N/A | 7.5 HIGH |
|
Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all versions through 22.4. The vulnerability could allow arbitrary access to files on the system.
|
|||||
| CVE-2024-7514 | | | 2024-10-15 | N/A | 6.5 MEDIUM |
|
The WordPress Comments Import & Export plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
The issue was partially fixed in version 2.3.8 and fully fixed in 2.3.9.
|
|||||
| CVE-2024-47563 | 1 Siemens | 1 Sinec Security Monitor | 2024-10-11 | N/A | 5.3 MEDIUM |
|
A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files.
This could allow an unauthenticated remote attacker to create files in writable directories outside the intended location and thus compromise integrity of files in those writable directories.
|
|||||
| CVE-2024-47949 | 1 Jetbrains | 1 Teamcity | 2024-10-11 | N/A | 7.5 HIGH |
|
In JetBrains TeamCity before 2024.07.3, path traversal allowed backup file write to arbitrary location.
|
|||||
| CVE-2024-47948 | 1 Jetbrains | 1 Teamcity | 2024-10-11 | N/A | 7.5 HIGH |
|
In JetBrains TeamCity before 2024.07.3, path traversal leading to information disclosure was possible via server backups.
|
|||||
| CVE-2024-46446 | 1 Mecha-cms | 1 Mecha | 2024-10-11 | N/A | 9.8 CRITICAL |
|
Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover.
|
|||||
| CVE-2024-47818 | | | 2024-10-10 | N/A | 6.5 MEDIUM |
|
Saltcorn is an extensible, open source, no-code database application builder. A logged-in user with any role can delete arbitrary files on the filesystem by calling the `sync/clean_sync_dir` endpoint. The `dir_name` POST parameter is not validated/sanitized and is used to construct the `syncDir` that is deleted by calling `fs.rm`. This issue has been addressed in release version 1.0.0-beta16 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2024-36814 | | | 2024-10-10 | N/A | 4.9 MEDIUM |
|
An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory.
|
|||||
| CVE-2024-20449 | 1 Cisco | 1 Nexus Dashboard Fabric Controller | 2024-10-08 | N/A | 8.8 HIGH |
|
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device.
This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secure Copy Protocol (SCP) to upload malicious code to an affected device using path traversal techniques. A successful exploit could allow the attacker to execute arbitrary code in a specific conta ...
|
|||||
| CVE-2024-8352 | 1 Hypestudio | 1 Social Web Suite | 2024-10-08 | N/A | 7.5 HIGH |
|
The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.1.11 via the download_log function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
|
|||||
| CVE-2024-9224 | 1 Kau-boys | 1 Hello World | 2024-10-07 | N/A | 6.5 MEDIUM |
|
The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
|
|||||
| CVE-2024-44015 | | | 2024-10-07 | N/A | 7.5 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Users Control allows PHP Local File Inclusion. This issue affects Users Control: from n/a through 1.0.16.
|
|||||
| CVE-2024-44014 | | | 2024-10-07 | N/A | 9.6 CRITICAL |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vmaxstudio Vmax Project Manager allows PHP Local File Inclusion, Code Injection. This issue affects Vmax Project Manager: from n/a through 1.0.
|
|||||
| CVE-2024-9146 | | | 2024-10-07 | N/A | 4.9 MEDIUM |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in James Low CSS JS Files allows Path Traversal. This issue affects CSS JS Files: from n/a through 1.5.0.
|
|||||
| CVE-2024-47324 | | | 2024-10-07 | N/A | 7.5 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin allows PHP Local File Inclusion. This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through 3.6.7.
|
|||||
| CVE-2024-44016 | | | 2024-10-07 | N/A | 7.5 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mark Steadman Podiant allows PHP Local File Inclusion. This issue affects Podiant: from n/a through 1.1.
|
|||||
| CVE-2024-44023 | | | 2024-10-07 | N/A | 8.1 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABCApp Creator allows PHP Local File Inclusion. This issue affects ABCApp Creator: from n/a through 1.1.2.
|
|||||
| CVE-2024-47309 | | | 2024-10-07 | N/A | 6.6 MEDIUM |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Condless Cities Shipping Zones for WooCommerce allows PHP Local File Inclusion. This issue affects Cities Shipping Zones for WooCommerce: from n/a through 1.2.7.
|
|||||
| CVE-2024-44018 | | | 2024-10-07 | N/A | 7.5 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Istmo Plugins Instant Chat Floating Button for WordPress Websites allows PHP Local File Inclusion. This issue affects Instant Chat Floating Button for WordPress Websites: from n/a through 1.0.5.
|
|||||
| CVE-2024-44034 | | | 2024-10-07 | N/A | 7.5 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Martin Greenwood WPSPX allows PHP Local File Inclusion. This issue affects WPSPX: from n/a through 1.0.2.
|
|||||
| CVE-2024-44011 | | | 2024-10-07 | N/A | 7.5 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Ticket Ultra WP Ticket Ultra Help Desk & Support Plugin allows PHP Local File Inclusion. This issue affects WP Ticket Ultra Help Desk & Support Plugin: from n/a through 1.0.5.
|
|||||
| CVE-2024-44013 | | | 2024-10-07 | N/A | 7.5 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Innate Images LLC VR Calendar allows PHP Local File Inclusion. This issue affects VR Calendar: from n/a through 2.4.0.
|
|||||
| CVE-2024-47323 | | | 2024-10-07 | N/A | 8.1 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin allows PHP Local File Inclusion. This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through 3.6.7.
|
|||||
| CVE-2024-44012 | | | 2024-10-07 | N/A | 7.5 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpdev33 WP Newsletter Subscription allows PHP Local File Inclusion. This issue affects WP Newsletter Subscription: from n/a through 1.1.
|
|||||
| CVE-2024-9301 | 1 Netflix | 1 E2nest | 2024-10-07 | N/A | 7.5 HIGH |
|
A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a
|
|||||
| CVE-2024-44030 | | | 2024-10-05 | N/A | 7.2 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mestres do WP Checkout Mestres WP allows PHP Local File Inclusion. This issue affects Checkout Mestres WP: from n/a through 8.6.
|
|||||
| CVE-2024-7149 | 1 Themewinter | 1 Eventin | 2024-10-04 | N/A | 8.8 HIGH |
|
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in ...
|
|||||