Total
6432 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1082 | 2024-08-01 | 6.3 Medium | ||
| A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.15, 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2024-0980 | 2024-08-01 | 7.1 High | ||
| The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code. | ||||
| CVE-2024-0989 | 1 Kuerp Project | 1 Kuerp | 2024-08-01 | 5.4 Medium |
| A vulnerability, which was classified as problematic, has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this issue is the function del_sn_db of the file /application/index/controller/Service.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-252254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-0818 | 2024-08-01 | N/A | ||
| Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6 | ||||
| CVE-2024-0844 | 1 Felixmoira | 1 Popup More Popups\, Lightboxes\, And More Popup Modules | 2024-08-01 | 4.7 Medium |
| The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files ending with "Form.php" on the server , allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-0697 | 1 Softaculous | 1 Backuply | 2024-08-01 | 6.5 Medium |
| The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2024-0380 | 1 Bootstrapped | 1 Wp Recipe Maker | 2024-08-01 | 5.4 Medium |
| The WP Recipe Maker plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files on the server, which can be leveraged for Cross-Site Scripting. | ||||
| CVE-2024-0354 | 1 Unknown-o | 1 Download-station | 2024-08-01 | 5.3 Medium |
| A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8. This issue affects some unknown processing of the file index.php. The manipulation of the argument f leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250121 was assigned to this vulnerability. | ||||
| CVE-2024-0341 | 1 Inis Project | 1 Inis | 2024-08-01 | 3.5 Low |
| A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Request Handler. The manipulation of the argument path leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The identifier VDB-250109 was assigned to this vulnerability. | ||||
| CVE-2021-20095 | 1 Redhat | 2 Enterprise Linux, Rhel Software Collections | 2023-11-07 | 7.8 High |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | ||||
| CVE-2020-24741 | 2023-11-07 | 7.8 High | ||
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-0570. Reason: This candidate is a duplicate of CVE-2020-0570. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2020-0570 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | ||||
| CVE-2017-7516 | 2023-11-07 | N/A | ||
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1197. Reason: This candidate is a duplicate of CVE-2015-1197. Notes: All CVE users should reference CVE-2015-1197 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||