Total
43 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49258 | 2024-10-16 | 6.5 Medium | ||
| Path Traversal: '.../...//' vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7. | ||||
| CVE-2024-45248 | 1 Multi-dnc | 1 Multi-dnc | 2024-10-07 | 7.5 High |
| Multi-DNC – CWE-35: Path Traversal: '.../...//' | ||||
| CVE-2023-39916 | 1 Nlnetlabs | 1 Routinator | 2024-09-25 | 9.3 Critical |
| NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitation of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it. | ||||
| CVE-2018-3744 | 1 Html-pages Project | 1 Html-pages | 2024-09-16 | 9.8 Critical |
| The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL. | ||||
| CVE-2022-2265 | 1 Identity And Directory Management System Project | 1 Identity And Directory Management System | 2024-09-16 | 7.5 High |
| The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated Path traversal vulnerability. This has been fixed in the version 2.1.25 | ||||
| CVE-2024-0113 | 1 Nvidia | 9 Mellanox Os, Mellanox Os Firmware, Metrox-2 and 6 more | 2024-09-11 | 7.5 High |
| NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure. | ||||
| CVE-2024-27901 | 2024-09-06 | 7.2 High | ||
| SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application. | ||||
| CVE-2024-34191 | 2024-08-29 | 6.5 Medium | ||
| htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the delete_post() function at admin.php. This vulnerability allows attackers to delete arbitrary files via a crafted request. | ||||
| CVE-2024-7608 | 2024-08-28 | 5.9 Medium | ||
| An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal. | ||||
| CVE-2024-45190 | 1 Mage | 1 Mage-ai | 2024-08-26 | 6.5 Medium |
| Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request | ||||
| CVE-2024-1886 | 2024-08-08 | 3 Low | ||
| This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage. | ||||
| CVE-2022-48476 | 1 Jetbrains | 1 Ktor | 2024-08-03 | 7.5 High |
| In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible | ||||
| CVE-2022-46826 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 6.2 Medium |
| In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability. | ||||
| CVE-2022-36928 | 1 Zoom | 1 Zoom | 2024-08-03 | 6.1 Medium |
| Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third party app could exploit this vulnerability to read and write to the Zoom application data directory. | ||||
| CVE-2022-24774 | 1 Cyclonedx | 1 Bill Of Materials Repository Server | 2024-08-03 | 7.1 High |
| CycloneDX BOM Repository Server is a bill of materials (BOM) repository server for distributing CycloneDX BOMs. CycloneDX BOM Repository Server before version 2.0.1 has an improper input validation vulnerability leading to path traversal. A malicious user may potentially exploit this vulnerability to create arbitrary directories or a denial of service by deleting arbitrary directories. The vulnerability is resolved in version 2.0.1. The vulnerability is not exploitable with the default configuration with the post and delete methods disabled. This can be configured by modifying the `appsettings.json` file, or alternatively, setting the environment variables `ALLOWEDMETHODS__POST` and `ALLOWEDMETHODS__DELETE` to `false`. | ||||
| CVE-2022-3693 | 1 Fileorbis | 1 Fileorbis | 2024-08-03 | 7.5 High |
| Path Traversal vulnerability in Deytek Informatics FileOrbis File Management System allows Path Traversal.This issue affects FileOrbis File Management System: from unspecified before 10.6.3. | ||||
| CVE-2023-47279 | 1 Deltaww | 1 Infrasuite Device Master | 2024-08-02 | 7.5 High |
| In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying. | ||||
| CVE-2023-46690 | 1 Deltaww | 1 Infrasuite Device Master | 2024-08-02 | 8.8 High |
| In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution. | ||||
| CVE-2023-41793 | 2024-08-02 | 6.7 Medium | ||
| : Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776. | ||||
| CVE-2023-5885 | 1 Franklinfueling | 2 Colibri, Colibri Firmware | 2024-08-02 | 6.5 Medium |
| The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users. | ||||