Total
6822 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41936 | 1 Vonets | 28 Vap11ac, Vap11ac Firmware, Vap11g and 25 more | 2024-08-21 | 7.5 High |
| A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to read arbitrary files and bypass authentication. | ||||
| CVE-2024-7741 | 2 Ltcms, Wanglongcn | 2 Ltcms, Ltcms | 2024-08-21 | 5.3 Medium |
| A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. This issue affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-43022 | 1 Tosei | 1 Online Store Management System | 2024-08-21 | 7.5 High |
| An issue in the downloader.php component of TOSEI online store management system v4.02, v4.03, and v4.04 allows attackers to execute a directory traversal. | ||||
| CVE-2024-7924 | 1 Zzcms | 1 Zzcms | 2024-08-21 | 5.3 Medium |
| A vulnerability was found in ZZCMS 2023. It has been declared as critical. This vulnerability affects unknown code of the file /I/list.php. The manipulation of the argument skin leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-43232 | 1 Wponlinesupport | 1 Timeline And History Slider | 2024-08-21 | 8.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP OnlineSupport, Essential Plugin Timeline and History slider allows PHP Local File Inclusion.This issue affects Timeline and History slider: from n/a through 2.3. | ||||
| CVE-2024-6618 | 2 Aveva, Ocean Data Systems | 2 Reports For Operations 2023, Dream Report 2023 | 2024-08-20 | N/A |
| In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library (DLL). | ||||
| CVE-2024-43399 | 2 Mobsf, Opensecurity | 2 Mobile Security Framework, Mobile Security Framework | 2024-08-20 | 8 High |
| Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure intended to prevent Zip Slip attacks is improperly implemented. Since the implemented measure can be bypassed, the vulnerability allows an attacker to extract files to any desired location within the server running MobSF. This vulnerability is fixed in 4.0.7. | ||||
| CVE-2024-43345 | 2024-08-20 | 7.5 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PluginOps Landing Page Builder allows PHP Local File Inclusion.This issue affects Landing Page Builder: from n/a through 1.5.2.0. | ||||
| CVE-2024-43328 | 1 Wpdeveloper | 1 Embedpress | 2024-08-20 | 8.3 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPDeveloper EmbedPress allows PHP Local File Inclusion.This issue affects EmbedPress: from n/a through 4.0.9. | ||||
| CVE-2024-43271 | 1 Themelocation | 1 Widgets For Woocommerce Products On Elementor | 2024-08-20 | 8.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themelocation Woo Products Widgets For Elementor allows PHP Local File Inclusion.This issue affects Woo Products Widgets For Elementor: from n/a through 2.0.0. | ||||
| CVE-2024-43281 | 2024-08-19 | 5.3 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VOID CODERS Void Elementor Post Grid Addon for Elementor Page builder allows PHP Local File Inclusion.This issue affects Void Elementor Post Grid Addon for Elementor Page builder: from n/a through 2.3. | ||||
| CVE-2024-43221 | 1 Crocoblock | 1 Jetgridbuilder | 2024-08-19 | 8.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetGridBuilder allows PHP Local File Inclusion.This issue affects JetGridBuilder: from n/a through 1.1.2. | ||||
| CVE-2024-6781 | 2 Calibre, Calibre-ebook | 2 Calibre, Calibre | 2024-08-19 | 7.5 High |
| Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to achieve arbitrary file read. | ||||
| CVE-2024-43395 | 1 Jackmacwindows | 1 Craftos-pc 2 | 2024-08-19 | 8.2 High |
| CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Prior to version 2.8.3, users of CraftOS-PC 2 on Windows can escape the computer folder and access files anywhere without permission or notice by obfuscating `..`s to bypass the internal check preventing parent directory traversal. Version 2.8.3 contains a patch for this issue. | ||||
| CVE-2024-43011 | 1 Zzcms | 1 Zzcms | 2024-08-19 | 4.9 Medium |
| An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Due to insufficient validation and sanitization of user input for file paths, an attacker can exploit this vulnerability by using directory traversal techniques to delete arbitrary files on the server. This can lead to the deletion of critical files, potentially disrupting the normal operation of the system. | ||||
| CVE-2023-5505 | 2024-08-19 | 6.8 Medium | ||
| The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site. | ||||
| CVE-2024-7146 | 1 Crocoblock | 1 Jettabs For Elementor | 2024-08-19 | 8.8 High |
| The JetTabs for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.3 via the 'switcher_preset' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-43373 | 2 J4k0xb, Microsoft | 2 Webcrack, Windows | 2024-08-16 | 7.7 High |
| webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature. If a module name includes a path traversal sequence with Windows path separators, an attacker can exploit this to overwrite files on the host system. This vulnerability allows an attacker to write arbitrary `.js` files to the host system, which can be leveraged to hijack legitimate Node.js modules to gain arbitrary code execution. This vulnerability has been patched in version 2.14.1. | ||||
| CVE-2024-43044 | 2 Jenkins, Redhat | 2 Jenkins, Ocp Tools | 2024-08-16 | 8.8 High |
| Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library. | ||||
| CVE-2024-38652 | 1 Ivanti | 1 Avalanche | 2024-08-15 | 9.1 Critical |
| Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion. | ||||