Total: 11 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2024-36857 | 1 Homebrew | 1 Jan | 2024-11-21 | N/A | 7.5 HIGH | Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface. |
CVE-2024-35431 | | | 2024-11-21 | N/A | 7.5 HIGH | ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. |
CVE-2024-35429 | 1 Zkteco | 1 Zkbio Cvsecurity | 2024-11-21 | N/A | 6.5 MEDIUM | ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord. |
CVE-2024-2044 | | | 2024-11-21 | N/A | 9.9 CRITICAL | pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them, and gain code execution. |
CVE-2024-28088 | | | 2024-11-21 | N/A | 8.1 HIGH | LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.) |
CVE-2024-25840 | | | 2024-11-21 | N/A | 7.5 HIGH | In the module "Account Manager \| Sales Representative & Dealers \| CRM" (prestasalesmanager) up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. |
CVE-2024-24998 | | | 2024-11-21 | N/A | 8.8 HIGH | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. |
CVE-2024-22723 | | | 2024-11-21 | N/A | 4.9 MEDIUM | Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "media_folder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system. |
CVE-2023-35860 | 1 Moderncampus | 1 Omni Cms | 2024-11-21 | N/A | 5.3 MEDIUM | A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to listing.php or rss.php. |
CVE-2019-6268 | | | 2024-11-21 | N/A | 7.5 HIGH | RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow. |
CVE-2024-41376 | | | 2024-08-06 | N/A | 8.8 HIGH | dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php. |