Total
6537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11303 | 2024-11-21 | N/A | N/A | ||
| The pathname of the root directory to a Restricted Directory ('Path Traversal') vulnerability in Korenix JetPort 5601 allows Path Traversal.This issue affects JetPort 5601: through 1.2. | |||||
| CVE-2024-9675 | 2024-11-21 | N/A | 4.4 MEDIUM | ||
| A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah. | |||||
| CVE-2024-48510 | 1 Dotnetzip.semverd Project | 1 Dotnetzip.semverd | 2024-11-21 | N/A | 9.8 CRITICAL |
| Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-48071 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| E-cology has a directory traversal vulnerability. An attacker can exploit this vulnerability to delete the server directory, causing the server to permanently deny service. | |||||
| CVE-2023-25341 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| A Directory Traversal vulnerability in ladle dev server 2.5.1 and earlier allows an attacker on the same network to read files accessible to the user via GET requests. | |||||
| CVE-2024-52444 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPOPAL Opal Woo Custom Product Variation allows Path Traversal.This issue affects Opal Woo Custom Product Variation: from n/a through 1.1.3. | |||||
| CVE-2024-52448 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebCodingPlace Ultimate Classified Listings allows PHP Local File Inclusion.This issue affects Ultimate Classified Listings: from n/a through 1.4. | |||||
| CVE-2024-52449 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Navneil Naicer Bootscraper allows PHP Local File Inclusion.This issue affects Bootscraper: from n/a through 2.1.0. | |||||
| CVE-2024-7248 | 1 Comodo | 1 Internet Security | 2024-11-21 | N/A | 7.8 HIGH |
| Comodo Internet Security Pro Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update mechanism. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-19055. | |||||
| CVE-2024-7080 | 1 Insurance Management System Project | 1 Insurance Management System | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /E-Insurance/. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272365 was assigned to this vulnerability. | |||||
| CVE-2024-6949 | 1 Gargaj | 1 Wuhu | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected by this vulnerability is an unknown functionality of the file /pages.php?edit=News. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-272071. | |||||
| CVE-2024-6885 | 2024-11-21 | N/A | 8.1 HIGH | ||
| The MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maxi_remove_custom_image_size and maxi_add_custom_image_size functions in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | |||||
| CVE-2024-6791 | 1 Ni | 1 Veristand | 2024-11-21 | N/A | 7.8 HIGH |
| A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .vsmodel file. This vulnerability affects VeriStand 2024 Q2 and prior versions. | |||||
| CVE-2024-6759 | 1 Freebsd | 1 Freebsd | 2024-11-21 | N/A | 5.3 MEDIUM |
| When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir(3) and related functions to return filesystem entries with names containing additional path components. The lack of validation described above gives rise to a confused deputy problem. For example, a program copying files from an NFS mount could be tricked into copying from outside the intended source directory, and/or to a location outside the intended destination directory. | |||||
| CVE-2024-6746 | 2 Easyspider, Microsoft | 2 Easyspider, Windows | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input /../../../../../../../../../Windows/win.ini leads to path traversal: '../filedir'. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The identifier VDB-271477 was assigned to this vulnerability. NOTE: The code maintainer explains, that this is not a big issue "because the default is that the software runs locally without going through the Internet". | |||||
| CVE-2024-6707 | 2 Debian, Openwebui | 2 Debian Linux, Open Webui | 2024-11-21 | N/A | 8.8 HIGH |
| Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability. | |||||
| CVE-2024-6255 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2024-11-21 | N/A | 8.2 HIGH |
| A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This issue arises due to improper validation of file paths, enabling directory traversal attacks. An attacker can exploit this vulnerability to disrupt the functioning of the system, manipulate settings, or potentially cause data loss or corruption. | |||||
| CVE-2024-6164 | 1 Ymc-22 | 1 Filter \& Grids | 2024-11-21 | N/A | 9.8 CRITICAL |
| The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Local File Inclusion via the post_layout parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files. | |||||
| CVE-2024-6127 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payload data containing a malicious path. | |||||
| CVE-2024-6085 | 2024-11-21 | N/A | 8.6 HIGH | ||
| A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be bypassed by changing the root folder to '/'. This allows attackers to read arbitrary files on the system. Additionally, the output folders can be changed to write arbitrary audio files to any location on the system. | |||||