Total
6458 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23466 | 1 Solarwinds | 1 Access Rights Manager | 2024-08-22 | 9.6 Critical |
| SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges. | ||||
| CVE-2024-7263 | 2 Kingsoft, Microsoft | 2 Wps Office, Windows | 2024-08-22 | 7.8 High |
| Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library. | ||||
| CVE-2024-41936 | 1 Vonets | 28 Vap11ac, Vap11ac Firmware, Vap11g and 25 more | 2024-08-21 | 7.5 High |
| A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to read arbitrary files and bypass authentication. | ||||
| CVE-2024-7741 | 2 Ltcms, Wanglongcn | 2 Ltcms, Ltcms | 2024-08-21 | 5.3 Medium |
| A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. This issue affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-39036 | 1 Seacms | 1 Seacms | 2024-08-21 | 6.5 Medium |
| SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php. | ||||
| CVE-2024-43022 | 1 Tosei | 1 Online Store Management System | 2024-08-21 | 7.5 High |
| An issue in the downloader.php component of TOSEI online store management system v4.02, v4.03, and v4.04 allows attackers to execute a directory traversal. | ||||
| CVE-2022-25377 | 2024-08-21 | 7.5 High | ||
| The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge must exist on disk. (This pathname is automatically created if the user chooses to install Let's Encrypt certificates via Appwrite.) | ||||
| CVE-2024-0221 | 1 10web | 1 Photo Gallery | 2024-08-21 | 9.1 Critical |
| The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead to site takeovers if the wp-config.php file of a site can be renamed. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery management permissions to lower level users, which might make this exploitable by users as low as contributors. | ||||
| CVE-2021-22281 | 1 Br-automation | 1 Automation Studio | 2024-08-21 | 6.3 Medium |
| : Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12. | ||||
| CVE-2024-5018 | 1 Progress | 1 Whatsup Gold | 2024-08-21 | 5.3 Medium |
| In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows allows reading of any file from the applications web-root directory . | ||||
| CVE-2024-7924 | 1 Zzcms | 1 Zzcms | 2024-08-21 | 5.3 Medium |
| A vulnerability was found in ZZCMS 2023. It has been declared as critical. This vulnerability affects unknown code of the file /I/list.php. The manipulation of the argument skin leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-43232 | 1 Wponlinesupport | 1 Timeline And History Slider | 2024-08-21 | 8.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP OnlineSupport, Essential Plugin Timeline and History slider allows PHP Local File Inclusion.This issue affects Timeline and History slider: from n/a through 2.3. | ||||
| CVE-2024-24320 | 1 Mgt-commerce | 1 Cloudpanel | 2024-08-21 | 8.8 High |
| Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function. | ||||
| CVE-2023-3675 | 2024-08-21 | 6.5 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Secomea GateManager (Web GUI) allows Reading Data from System Resources.This issue affects GateManager: from 11.0.623074018 before 11.0.623373051. | ||||
| CVE-2024-5019 | 1 Progress | 1 Whatsup Gold | 2024-08-21 | 5.3 Medium |
| In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole privileges. | ||||
| CVE-2024-5017 | 1 Progress | 1 Whatsup Gold | 2024-08-21 | 6.5 Medium |
| In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information disclosure. | ||||
| CVE-2024-42680 | 1 Cysoft168 | 1 Super Easy Enterprise Management System | 2024-08-21 | 5.5 Medium |
| An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark. | ||||
| CVE-2024-37089 | 1 Stylemixthemes | 1 Consulting Elementor Widgets | 2024-08-20 | 9 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0. | ||||
| CVE-2024-37092 | 1 Stylemixthemes | 1 Consulting Elementor Widgets | 2024-08-20 | 8.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0. | ||||
| CVE-2023-41825 | 2024-08-20 | 2.8 Low | ||
| A path traversal vulnerability was reported in the Motorola Ready For application that could allow a local attacker to access local files. | ||||