Total
7723 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28977 | 1 Dell | 1 Repository Manager | 2025-01-21 | N/A | 3.3 LOW |
| Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in logger module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem with the privileges of the running web application. | |||||
| CVE-2024-27764 | 1 Jeewms | 1 Jeewms | 2025-01-21 | N/A | 9.8 CRITICAL |
| An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component. | |||||
| CVE-2024-22723 | 1 Webtrees | 1 Webtrees | 2025-01-21 | N/A | 4.9 MEDIUM |
| Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "media_folder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system. | |||||
| CVE-2024-28222 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2025-01-21 | N/A | 9.8 CRITICAL |
| In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file. | |||||
| CVE-2024-3484 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 5.7 MEDIUM |
| Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file disclosure. | |||||
| CVE-2024-27765 | 1 Jeewms | 1 Jeewms | 2025-01-21 | N/A | 7.5 HIGH |
| Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component. | |||||
| CVE-2025-0615 | 2025-01-21 | N/A | 5.3 MEDIUM | ||
| Input validation vulnerability in Qualifio's Wheel of Fortune. This vulnerability allows an attacker to modify an email to contain the ‘+’ symbol to access the application and win prizes as many times as wanted. | |||||
| CVE-2025-0614 | 2025-01-21 | N/A | 5.3 MEDIUM | ||
| Input validation vulnerability in Qualifio's Wheel of Fortune. This vulnerability could allow an attacker to modify a single email to contain upper and lower case characters in order to access the application and win prizes as many times as wanted. | |||||
| CVE-2024-27317 | 1 Apache | 1 Pulsar | 2025-01-19 | N/A | 8.4 HIGH |
| In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in the zip files, which aren't properly validated, contain special elements like "..", altering the directory path. This could allow an attacker to create or modify files outside of the designated extraction directory, potentially influencing system behavior. This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true". This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.6. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.4. 3.0 Pulsar Function Worker users should upgrade to at least 3.0.3. 3.1 Pulsar Function Worker users should upgrade to at least 3.1.3. 3.2 Pulsar Function Worker users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. | |||||
| CVE-2024-8291 | 1 Concretecms | 1 Concrete Cms | 2025-01-17 | N/A | 4.8 MEDIUM |
| Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks, Alexey Solovyev for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC). | |||||
| CVE-2024-35274 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer Big Data, Fortimanager | 2025-01-17 | N/A | 2.3 LOW |
| An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests. | |||||
| CVE-2024-1358 | 1 Webtechstreet | 1 Elementor Addon Elements | 2025-01-17 | N/A | 8.8 HIGH |
| The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on the server, which may expose sensitive information. | |||||
| CVE-2023-28408 | 1 Mw Wp Form Project | 1 Mw Wp Form | 2025-01-17 | N/A | 9.8 CRITICAL |
| Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information depending on settings. | |||||
| CVE-2023-25914 | 1 Danfoss | 2 Ak-sm 800a, Ak-sm 800a Firmware | 2025-01-17 | N/A | 8.8 HIGH |
| Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise. | |||||
| CVE-2024-26129 | 1 Prestashop | 1 Prestashop | 2025-01-17 | N/A | 5.8 MEDIUM |
| PrestaShop is an open-source e-commerce platform. Starting in version 8.1.0 and prior to version 8.1.4, PrestaShop is vulnerable to path disclosure in a JavaScript variable. A patch is available in version 8.1.4. | |||||
| CVE-2024-13181 | 1 Ivanti | 1 Avalanche | 2025-01-16 | N/A | 7.3 HIGH |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010. | |||||
| CVE-2024-13180 | 1 Ivanti | 1 Avalanche | 2025-01-16 | N/A | 7.5 HIGH |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011. | |||||
| CVE-2024-13179 | 1 Ivanti | 1 Avalanche | 2025-01-16 | N/A | 7.3 HIGH |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. | |||||
| CVE-2023-26215 | 1 Tibco | 1 Ebx Add-ons | 2025-01-16 | N/A | 7.7 HIGH |
| The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application access to read system files that are accessible to the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below. | |||||
| CVE-2023-31861 | 1 Zlmediakit | 1 Zlmediakit | 2025-01-16 | N/A | 7.5 HIGH |
| ZLMediaKit 4.0 is vulnerable to Directory Traversal. | |||||