Total
6467 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-25461 | 2024-08-15 | 7.5 High | ||
Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component. | ||||
CVE-2024-38652 | 1 Ivanti | 1 Avalanche | 2024-08-15 | 9.1 Critical |
Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion. | ||||
CVE-2024-25125 | 2024-08-14 | 5.3 Medium | ||
Digdag is an open source tool that to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally. This issue may lead to information disclosure and has been addressed in release version 0.10.5.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2024-41938 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | 5.5 Medium |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on. | ||||
CVE-2023-47246 | 1 Sysaid | 1 Sysaid | 2024-08-14 | 9.8 Critical |
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. | ||||
CVE-2023-35860 | 1 Moderncampus | 1 Omni Cms | 2024-08-14 | 5.3 Medium |
A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to listing.php or rss.php. | ||||
CVE-2024-27318 | 2024-08-14 | 7.5 High | ||
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch added for CVE-2022-25882. | ||||
CVE-2024-39399 | 1 Adobe | 2 Commerce, Magento | 2024-08-14 | 7.7 High |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed. | ||||
CVE-2024-33535 | 1 Zimbra | 1 Collaboration | 2024-08-14 | 7.5 High |
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of the packages parameter. Attackers can exploit this flaw to include arbitrary local files without authentication, potentially leading to unauthorized access to sensitive information. The vulnerability is limited to files within a specific directory. | ||||
CVE-2024-25830 | 2024-08-13 | 9.8 Critical | ||
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password. | ||||
CVE-2024-23946 | 1 Apache | 1 Ofbiz | 2024-08-13 | 5.3 Medium |
Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, that fixes the issue. | ||||
CVE-2023-7249 | 1 Opentext | 1 Directory Services | 2024-08-13 | 9.8 Critical |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText OpenText Directory Services allows Path Traversal.This issue affects OpenText Directory Services: from 16.4.2 before 24.1. | ||||
CVE-2024-7399 | 2 Samsung, Samsung Electronics | 2 Magicinfo 9 Server, Magicinfo 9 Server | 2024-08-13 | 8.8 High |
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority. | ||||
CVE-2024-37129 | 1 Dell | 6 Alienware Update, Command Update, Inventory Collector and 3 more | 2024-08-13 | 6.7 Medium |
Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system. | ||||
CVE-2024-23787 | 2024-08-13 | 7.5 High | ||
Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product. | ||||
CVE-2024-39651 | 1 Wpweb | 1 Woocommerce Pdf Vouchers | 2024-08-13 | 8.6 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPWeb WooCommerce PDF Vouchers allows File Manipulation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.5. | ||||
CVE-2024-43165 | 2024-08-13 | 6.5 Medium | ||
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rashid87 WPSection allows PHP Local File Inclusion.This issue affects WPSection: from n/a through 1.3.8. | ||||
CVE-2022-35918 | 1 Snowflake | 1 Streamlit | 2024-08-13 | 6.5 Medium |
Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
CVE-2023-26293 | 1 Siemens | 1 Tia Portal | 2024-08-13 | 7.3 High |
A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions < V16 Update 7), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 6), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution. | ||||
CVE-2024-34033 | 2024-08-12 | 8.8 High | ||
Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten. |