Total
122 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-56049 | 2024-12-18 | N/A | 8.5 HIGH | ||
| Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2. | |||||
| CVE-2024-54313 | 2024-12-13 | N/A | 6.5 MEDIUM | ||
| Path Traversal vulnerability in FULL. FULL Customer allows Path Traversal.This issue affects FULL Customer: from n/a through 3.1.25. | |||||
| CVE-2024-21575 | 2024-12-12 | N/A | 8.6 HIGH | ||
| ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the `image.filename` field in a POST request sent to the `/upload/temp` endpoint added by the extension to the server. This results in writing arbitrary files to the file system which may, under some conditions, result in remote code execution (RCE). | |||||
| CVE-2024-52498 | 2024-11-28 | N/A | 7.5 HIGH | ||
| Path Traversal: '.../...//' vulnerability in Softpulse Infotech SP Blog Designer allows PHP Local File Inclusion.This issue affects SP Blog Designer: from n/a through 1.0.0. | |||||
| CVE-2024-50054 | 2024-11-22 | N/A | 7.5 HIGH | ||
| The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system. | |||||
| CVE-2024-52447 | 2024-11-21 | N/A | 8.6 HIGH | ||
| Path Traversal: '.../...//' vulnerability in Corporate Zen Contact Page With Google Map allows Path Traversal.This issue affects Contact Page With Google Map: from n/a through 1.6.1. | |||||
| CVE-2024-39171 | 1 Phpvibe | 1 Phpvibe | 2024-11-21 | N/A | 9.8 CRITICAL |
| Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix. | |||||
| CVE-2024-36991 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2024-11-21 | N/A | 7.5 HIGH |
| In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows. | |||||
| CVE-2024-27901 | 2024-11-21 | N/A | 7.2 HIGH | ||
| SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application. | |||||
| CVE-2024-1886 | 2024-11-21 | N/A | 3.0 LOW | ||
| This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage. | |||||
| CVE-2023-6252 | 1 Hyphensolutions | 1 Chameleon Power | 2024-11-21 | N/A | 7.5 HIGH |
| Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files. | |||||
| CVE-2023-5885 | 1 Franklinfueling | 2 Colibri, Colibri Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users. | |||||
| CVE-2023-5800 | 1 Axis | 3 Axis Os, Axis Os 2020, Axis Os 2022 | 2024-11-21 | N/A | 5.4 MEDIUM |
| Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2023-46690 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 8.8 HIGH |
| In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution. | |||||
| CVE-2023-32714 | 1 Splunk | 2 Splunk, Splunk App For Lookup File Editing | 2024-11-21 | N/A | 8.1 HIGH |
| In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory. | |||||
| CVE-2023-21418 | 1 Axis | 4 Axis Os, Axis Os 2018, Axis Os 2020 and 1 more | 2024-11-21 | N/A | 7.1 HIGH |
| Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2023-21417 | 1 Axis | 3 Axis Os, Axis Os 2020, Axis Os 2022 | 2024-11-21 | N/A | 7.1 HIGH |
| Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2023-21416 | 1 Axis | 2 Axis Os, Axis Os 2022 | 2024-11-21 | N/A | 7.1 HIGH |
| Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account however the impact is equal. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2023-21415 | 1 Axis | 5 Axis Os, Axis Os 2016, Axis Os 2018 and 2 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2022-48476 | 1 Jetbrains | 1 Ktor | 2024-11-21 | N/A | 7.5 HIGH |
| In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible | |||||