Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-35744 | 1 Upunzipper Project | 1 Upunzipper | 2024-11-21 | N/A | 8.6 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation.This issue affects Upunzipper: from n/a through 1.0.0. | |||||
| CVE-2024-35743 | 1 Sc Filechecker Project | 1 Sc Filechecker | 2024-11-21 | N/A | 8.6 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation.This issue affects SC filechecker: from n/a through 0.6. | |||||
| CVE-2024-35712 | 1 Meowapps | 1 Database Cleaner | 2024-11-21 | N/A | 4.9 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through 1.0.5. | |||||
| CVE-2024-35677 | 1 Stylemixthemes | 1 Mega Menu | 2024-11-21 | N/A | 9.0 CRITICAL |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through 2.3.12. | |||||
| CVE-2024-35658 | 1 Themehigh | 1 Checkout Field Editor For Woocommerce | 2024-11-21 | N/A | 8.6 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through 3.6.2. | |||||
| CVE-2024-35634 | 1 Wow-company | 1 Woocommerce - Recent Purchases | 2024-11-21 | N/A | 4.9 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wow-Company Woocommerce – Recent Purchases allows PHP Local File Inclusion.This issue affects Woocommerce – Recent Purchases: from n/a through 1.0.1. | |||||
| CVE-2024-35474 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| A Directory Traversal vulnerability in iceice666 ResourcePack Server before v1.0.8 allows a remote attacker to disclose files on the server, via setPath in ResourcePackFileServer.kt. | |||||
| CVE-2024-35429 | 1 Zkteco | 1 Zkbio Cvsecurity | 2024-11-21 | N/A | 6.5 MEDIUM |
| ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord. | |||||
| CVE-2024-35324 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via Public/Plugins/webuploader/server/preview.php. | |||||
| CVE-2024-35219 | 2024-11-21 | N/A | 8.3 HIGH | ||
| OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option. The issue was fixed in version 7.6.0 by removing the usage of the `outputFolder` option. No known workarounds are available. | |||||
| CVE-2024-35205 | 2024-11-21 | N/A | 7.8 HIGH | ||
| The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a crafted library file, aiming to overwrite an existing native library utilized by WPS Office. Successful exploitation could result in the execution of arbitrary commands under the guise of WPS Office's application ID. | |||||
| CVE-2024-35162 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Path traversal vulnerability exists in Download Plugins and Themes from Dashboard versions prior to 1.8.6. If this vulnerability is exploited, a remote authenticated attacker with "switch_themes" privilege may obtain arbitrary files on the server. | |||||
| CVE-2024-35081 | 2024-11-21 | N/A | 7.5 HIGH | ||
| LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter in the fileDownload method. | |||||
| CVE-2024-34854 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| F-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transceiver_schedule.php.` | |||||
| CVE-2024-34832 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A | 9.8 CRITICAL |
| Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters. | |||||
| CVE-2024-34808 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.2.0. | |||||
| CVE-2024-34762 | 2024-11-21 | N/A | 9.9 CRITICAL | ||
| Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before 6.2.10. | |||||
| CVE-2024-34712 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Oceanic is a NodeJS library for interfacing with Discord. Prior to version 1.10.4, input to functions such as `Client.rest.channels.removeBan` is not url-encoded, resulting in specially crafted input such as `../../../channels/{id}` being normalized into the url `/api/v10/channels/{id}`, and deleting a channel rather than removing a ban. Version 1.10.4 fixes this issue. Some workarounds are available. One may sanitize user input, ensuring strings are valid for the purpose they are being used for. One may also encode input with `encodeURIComponent` before providing it to the library. | |||||
| CVE-2024-34554 | 1 Select-themes | 1 Stockholm Core | 2024-11-21 | N/A | 8.5 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm Core allows PHP Local File Inclusion.This issue affects Stockholm Core: from n/a through 2.4.1. | |||||
| CVE-2024-34552 | 1 Select-themes | 1 Stockholm | 2024-11-21 | N/A | 8.5 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm allows PHP Local File Inclusion.This issue affects Stockholm: from n/a through 9.6. | |||||