Total: 6458 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-5017 | 1 Progress | 1 Whatsup Gold | 2024-08-21 | 6.5 Medium |
In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead to information disclosure. | ||||
CVE-2024-42680 | 1 Cysoft168 | 1 Super Easy Enterprise Management System | 2024-08-21 | 5.5 Medium |
An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark. | ||||
CVE-2024-37089 | 1 Stylemixthemes | 1 Consulting Elementor Widgets | 2024-08-20 | 9 Critical |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion. This issue affects Consulting Elementor Widgets: from n/a through 1.3.0. | ||||
CVE-2024-37092 | 1 Stylemixthemes | 1 Consulting Elementor Widgets | 2024-08-20 | 8.5 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion. This issue affects Consulting Elementor Widgets: from n/a through 1.3.0. | ||||
CVE-2023-41825 | | | 2024-08-20 | 2.8 Low |
A path traversal vulnerability was reported in the Motorola Ready For application that could allow a local attacker to access local files. | ||||
CVE-2024-35324 | | | 2024-08-20 | 9.8 Critical |
Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via Public/Plugins/webuploader/server/preview.php. | ||||
CVE-2024-6618 | 2 Aveva, Ocean Data Systems | 2 Reports For Operations 2023, Dream Report 2023 | 2024-08-20 | N/A |
In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library (DLL). | ||||
CVE-2024-0406 | 1 Redhat | 2 Advanced Cluster Security, Openshift | 2024-08-20 | 6.1 Medium |
A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library. | ||||
CVE-2024-43399 | 2 Mobsf, Opensecurity | 2 Mobile Security Framework, Mobile Security Framework | 2024-08-20 | 8 High |
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure intended to prevent Zip Slip attacks is improperly implemented. Since the implemented measure can be bypassed, the vulnerability allows an attacker to extract files to any desired location within the server running MobSF. This vulnerability is fixed in 4.0.7. | ||||
CVE-2024-43328 | 1 Wpdeveloper | 1 Embedpress | 2024-08-20 | 8.3 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPDeveloper EmbedPress allows PHP Local File Inclusion. This issue affects EmbedPress: from n/a through 4.0.9. | ||||
CVE-2024-43345 | | | 2024-08-20 | 7.5 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PluginOps Landing Page Builder allows PHP Local File Inclusion. This issue affects Landing Page Builder: from n/a through 1.5.2.0. | ||||
CVE-2024-34193 | | | 2024-08-20 | 7.5 High |
smanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in a path traversal vulnerability that can cause arbitrary file reading. | ||||
CVE-2024-27887 | 1 Apple | 1 Macos | 2024-08-20 | 5.5 Medium |
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data. | ||||
CVE-2024-7248 | 1 Comodo | 1 Internet Security | 2024-08-20 | 7.8 High |
Comodo Internet Security Pro Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update mechanism. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-19055. | ||||
CVE-2024-36079 | | | 2024-08-20 | 6.5 Medium |
An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with an incorrect file name, and then download it. | ||||
CVE-2024-35205 | | | 2024-08-20 | 7.8 High |
The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a crafted library file, aiming to overwrite an existing native library utilized by WPS Office. Successful exploitation could result in the execution of arbitrary commands under the guise of WPS Office's application ID. | ||||
CVE-2024-43271 | 1 Themelocation | 1 Widgets For Woocommerce Products On Elementor | 2024-08-20 | 8.5 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themelocation Woo Products Widgets For Elementor allows PHP Local File Inclusion. This issue affects Woo Products Widgets For Elementor: from n/a through 2.0.0. | ||||
CVE-2024-23897 | 2 Jenkins, Redhat | 2 Jenkins, Ocp Tools | 2024-08-20 | 9.8 Critical |
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. | ||||
CVE-2024-43281 | | | 2024-08-19 | 5.3 Medium |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VOID CODERS Void Elementor Post Grid Addon for Elementor Page builder allows PHP Local File Inclusion. This issue affects Void Elementor Post Grid Addon for Elementor Page builder: from n/a through 2.3. | ||||
CVE-2024-43221 | 1 Crocoblock | 1 Jetgridbuilder | 2024-08-19 | 8.5 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetGridBuilder allows PHP Local File Inclusion. This issue affects JetGridBuilder: from n/a through 1.1.2. |