Total
111 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-7300 | 2024-12-26 | N/A | 8.0 HIGH | ||
| Huawei Home Music System has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the music host file to be deleted or the file permission to be changed.(Vulnerability ID:HWPSIRT-2023-60613) | |||||
| CVE-2024-54216 | 2024-12-20 | N/A | 7.7 HIGH | ||
| Path Traversal: '.../...//' vulnerability in Repute InfoSystems ARForms allows Path Traversal.This issue affects ARForms: from n/a through 6.4.1. | |||||
| CVE-2024-56055 | 2024-12-18 | N/A | 8.5 HIGH | ||
| Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2. | |||||
| CVE-2024-56049 | 2024-12-18 | N/A | 8.5 HIGH | ||
| Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2. | |||||
| CVE-2024-54313 | 2024-12-13 | N/A | 6.5 MEDIUM | ||
| Path Traversal vulnerability in FULL. FULL Customer allows Path Traversal.This issue affects FULL Customer: from n/a through 3.1.25. | |||||
| CVE-2024-21575 | 2024-12-12 | N/A | 8.6 HIGH | ||
| ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the `image.filename` field in a POST request sent to the `/upload/temp` endpoint added by the extension to the server. This results in writing arbitrary files to the file system which may, under some conditions, result in remote code execution (RCE). | |||||
| CVE-2024-52498 | 2024-11-28 | N/A | 7.5 HIGH | ||
| Path Traversal: '.../...//' vulnerability in Softpulse Infotech SP Blog Designer allows PHP Local File Inclusion.This issue affects SP Blog Designer: from n/a through 1.0.0. | |||||
| CVE-2024-45190 | 2024-11-25 | N/A | 6.5 MEDIUM | ||
| Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request | |||||
| CVE-2024-50054 | 2024-11-22 | N/A | 7.5 HIGH | ||
| The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system. | |||||
| CVE-2024-52447 | 2024-11-21 | N/A | 8.6 HIGH | ||
| Path Traversal: '.../...//' vulnerability in Corporate Zen Contact Page With Google Map allows Path Traversal.This issue affects Contact Page With Google Map: from n/a through 1.6.1. | |||||
| CVE-2024-39171 | 1 Phpvibe | 1 Phpvibe | 2024-11-21 | N/A | 9.8 CRITICAL |
| Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix. | |||||
| CVE-2024-36991 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2024-11-21 | N/A | 7.5 HIGH |
| In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows. | |||||
| CVE-2024-34191 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the delete_post() function at admin.php. This vulnerability allows attackers to delete arbitrary files via a crafted request. | |||||
| CVE-2024-27901 | 2024-11-21 | N/A | 7.2 HIGH | ||
| SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application. | |||||
| CVE-2024-1886 | 2024-11-21 | N/A | 3.0 LOW | ||
| This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage. | |||||
| CVE-2023-6252 | 1 Hyphensolutions | 1 Chameleon Power | 2024-11-21 | N/A | 7.5 HIGH |
| Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files. | |||||
| CVE-2023-5885 | 1 Franklinfueling | 2 Colibri, Colibri Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users. | |||||
| CVE-2023-5800 | 1 Axis | 3 Axis Os, Axis Os 2020, Axis Os 2022 | 2024-11-21 | N/A | 5.4 MEDIUM |
| Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2023-46690 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 8.8 HIGH |
| In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution. | |||||
| CVE-2023-41793 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| : Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776. | |||||