Total: 6822 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-44825 | 1 Invesalius | 1 Invesalius | 2024-09-26 | 7.5 High |
Directory Traversal vulnerability in Centro de Tecnologia da Informação Renato Archer InVesalius3 v3.1.99995 allows attackers to write arbitrary files onto the system via a crafted .inv3 file. | ||||
CVE-2024-8538 | 1 Infiniteuploads | 1 Big File Uploads | 2024-09-26 | 4.3 Medium |
The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1.2. This is due to the plugin not sanitizing a file path in an error message. This makes it possible for authenticated attackers, with author-level access and above, to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | ||||
CVE-2023-26687 | 1 Cs-cart | 1 Cs-cart Multivendor | 2024-09-26 | 8.8 High |
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the product_data parameter in the PDF Add-on. | ||||
CVE-2024-46645 | 1 Enms | 1 Enms | 2024-09-26 | 7.5 High |
eNMS 4.0.0 is vulnerable to Directory Traversal via get_tree_files. | ||||
CVE-2024-46648 | 1 Enms | 1 Enms | 2024-09-26 | 7.5 High |
eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via scan_folder. | ||||
CVE-2024-44048 | | | 2024-09-26 | 6.5 Medium |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce allows PHP Local File Inclusion. This issue affects Product Carousel Slider & Grid Ultimate for WooCommerce: from n/a through 1.9.10. | ||||
CVE-2024-46644 | 1 Enms | 1 Enms | 2024-09-26 | 6.5 Medium |
eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via edit_file. | ||||
CVE-2024-46649 | 1 Enms | 1 Enms | 2024-09-26 | 7.5 High |
eNMS up to 4.7.1 is vulnerable to Directory Traversal via download/folder. | ||||
CVE-2024-46646 | 1 Enms | 1 Enms | 2024-09-26 | 6.5 Medium |
eNMS up to 4.7.1 is vulnerable to Directory Traversal via /download/file. | ||||
CVE-2024-46647 | 1 Enms | 1 Enms | 2024-09-26 | 6.5 Medium |
eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via upload_files. | ||||
CVE-2023-26691 | 1 Cs-cart | 1 Cs-cart Multivendor | 2024-09-26 | 7.2 High |
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on. | ||||
CVE-2024-45604 | 1 Contao | 1 Contao | 2024-09-25 | 4.3 Medium |
Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability. | ||||
CVE-2024-45312 | 1 Overleaf | 1 Overleaf | 2024-09-25 | 5.3 Medium |
Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 (or 4.2.7 for the 4.x series) contain a vulnerability that allows an arbitrary language parameter in client spelling requests to be passed to the `aspell` executable running on the server. This causes `aspell` to attempt to load a dictionary file with an arbitrary filename. File access is limited to the scope of the overleaf server. The problem is patched in versions 5.0.7 and 4.2.7. Previous versions can be upgraded using the Overleaf toolkit `bin/upgrade` command. Users unable to upgrade may block POST requests to `/spelling/check` with a Web Application Firewall, which prevents access to the vulnerable spell check feature. However, upgrading is advised. | ||||
CVE-2024-21753 | 1 Fortinet | 1 Forticlient Endpoint Management Server | 2024-09-25 | 5.5 Medium |
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows an attacker to perform a denial of service, or read or write a limited number of files, via specially crafted HTTP requests. | ||||
CVE-2024-33109 | 2 Ergophone, Yealink | 4 Tiptel Ip 286, Tiptel Ip 286 Firmware, Sip-t28p and 1 more | 2024-09-25 | 9.9 Critical |
Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function. | ||||
CVE-2024-44190 | 1 Apple | 1 Macos | 2024-09-24 | 5.5 Medium |
A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read arbitrary files. | ||||
CVE-2024-46986 | 1 Tuzitio | 1 Camaleon Cms | 2024-09-24 | 10 Critical |
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). For example, this can lead to delayed remote code execution if an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2024-46987 | 1 Tuzitio | 1 Camaleon Cms | 2024-09-24 | 7.7 High |
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2024-7609 | 1 Vidco | 1 Voc Tester | 2024-09-23 | 7.5 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vidco Software VOC TESTER allows Path Traversal. This issue affects VOC TESTER: before 12.34.8. | ||||
CVE-2024-8963 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2024-09-21 | 9.4 Critical |
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | ||||
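The entries above repeat four shapes of the same bug: a user-supplied path joined to a server directory for download (eNMS download/file, Camaleon download_private_file), a client filename used when storing an upload (InVesalius .inv3, Tiptel ringtone upload, Camaleon upload), archive members written to disk when installing an add-on (CS-Cart crafted zip), and a request parameter that becomes a file name for a helper process (Overleaf aspell language). The Python below is an added example showing one containment check per shape; it is not code from any project in the table, and the directory names, the dictionary allowlist and the sample archive are constructed for the demonstration.

```python
"""Added example: path-containment checks for the traversal shapes listed above.
Not code from eNMS, CS-Cart, Camaleon CMS, Overleaf or any other project on this
page; directories, the allowlist and the sample archive are constructed here."""
from __future__ import annotations

import io
import re
import shutil
import stat
import tempfile
import zipfile
from pathlib import Path


class PathTraversalError(ValueError):
    """A user-controlled value would name a file outside the allowed root."""


def resolve_under(root: Path, user_path: str) -> Path:
    """Join user_path to root and return it only if it still lies inside root.
    Compared on resolved components (after '..', '.', symlinks), so '/srv/files2'
    is not accepted for root '/srv/files'. An absolute user_path would replace
    root in pathlib's join, so it is rejected before joining."""
    if "\x00" in user_path or Path(user_path).is_absolute():
        raise PathTraversalError(user_path)
    root = root.resolve()
    candidate = (root / user_path).resolve()
    if candidate != root and root not in candidate.parents:
        raise PathTraversalError(user_path)
    return candidate


def safe_upload_name(filename: str) -> str:
    """Accept a client-supplied upload name only if it is a bare file name.
    Browsers send a basename, so a separator or dot-only name is refused
    rather than silently stripped."""
    if not filename or filename in (".", "..") or any(c in filename for c in "/\\\x00"):
        raise PathTraversalError(filename)
    return filename


def safe_extract(zip_bytes: bytes, dest: Path) -> list[Path]:
    """Extract an archive into dest, refusing any member that would escape it.
    All members are checked before anything is written, so one crafted entry
    rejects the whole archive instead of leaving a half-installed add-on.
    Symlink members are refused: a link out of dest plus a later member written
    through it is the same escape by another route."""
    dest.mkdir(parents=True, exist_ok=True)
    dest = dest.resolve()
    written: list[Path] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        plan = []
        for info in zf.infolist():
            if stat.S_ISLNK(info.external_attr >> 16):
                raise PathTraversalError(f"symlink member: {info.filename}")
            plan.append((info, resolve_under(dest, info.filename)))
        for info, target in plan:
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as out:
                shutil.copyfileobj(src, out)
            written.append(target)
    return written


# Constructed allowlist: the dictionaries this (hypothetical) deployment installed.
DICTIONARIES = frozenset({"en", "en_GB", "de", "fr", "pt_BR"})
_LANG_RE = re.compile(r"[a-z]{2,3}(_[A-Z]{2})?")


def safe_dictionary(lang: str) -> str:
    """Validate a spell-check language before it reaches a helper process: a
    shape check, then an exact-match allowlist, because the value names a file
    the helper will try to load."""
    if not _LANG_RE.fullmatch(lang) or lang not in DICTIONARIES:
        raise PathTraversalError(lang)
    return lang


def _blocked(fn, *args) -> bool:
    """True if fn(*args) raised PathTraversalError, False if it was accepted."""
    try:
        fn(*args)
    except PathTraversalError:
        return True
    return False


def _make_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory archive; member names are stored exactly as given."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo() -> dict[str, bool]:
    """Run each check against constructed inputs; every value should be True."""
    root = Path(tempfile.mkdtemp(prefix="files-")).resolve()
    outside = Path(tempfile.mkdtemp(prefix="outside-")).resolve()
    (root / "report.txt").write_text("ok")
    (outside / "secret.txt").write_text("secret")
    (root / "link").symlink_to(outside, target_is_directory=True)
    good_zip = _make_zip({"addon/readme.txt": b"hi"})
    bad_zip = _make_zip({"addon/readme.txt": b"hi", "../../app/evil.php": b"<?php"})
    return {
        "download_ok": resolve_under(root, "report.txt").read_text() == "ok",
        "download_dotdot_blocked": _blocked(resolve_under, root, "../../etc/passwd"),
        "download_absolute_blocked": _blocked(resolve_under, root, "/etc/passwd"),
        "download_symlink_blocked": _blocked(resolve_under, root, "link/secret.txt"),
        "download_nul_blocked": _blocked(resolve_under, root, "report.txt\x00.png"),
        "upload_ok": safe_upload_name("ringtone.wav") == "ringtone.wav",
        "upload_blocked": _blocked(safe_upload_name, "../../config/initializers/evil.rb"),
        "zip_ok": safe_extract(good_zip, root / "addons") == [root / "addons" / "addon" / "readme.txt"],
        "zip_blocked": _blocked(safe_extract, bad_zip, root / "addons2"),
        "zip_nothing_written": not (root / "addons2" / "addon").exists(),
        "dictionary_ok": safe_dictionary("en_GB") == "en_GB",
        "dictionary_blocked": _blocked(safe_dictionary, "../../etc/passwd"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:28s} {'PASS' if ok else 'FAIL'}")
```

The check in `resolve_under` compares resolved path components rather than string prefixes, which is what the `/srv/files2` case and the symlink case turn on; `safe_extract` calls the same function for every member before the first write, so a crafted archive is rejected without leaving files behind.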