Vulnerabilities (CVE)

Filtered by CWE-31
Total 11 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-36857 1 Homebrew 1 Jan 2024-11-21 N/A 7.5 HIGH
Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.
CVE-2024-35431 2024-11-21 N/A 7.5 HIGH
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server.
CVE-2024-35429 1 Zkteco 1 Zkbio Cvsecurity 2024-11-21 N/A 6.5 MEDIUM
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord.
CVE-2024-2044 2024-11-21 N/A 9.9 CRITICAL
pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them, and gain code execution.
CVE-2024-28088 2024-11-21 N/A 8.1 HIGH
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.)
CVE-2024-25840 2024-11-21 N/A 7.5 HIGH
In the module "Account Manager | Sales Representative & Dealers | CRM" (prestasalesmanager) up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.
CVE-2024-24998 2024-11-21 N/A 8.8 HIGH
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-22723 2024-11-21 N/A 4.9 MEDIUM
Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "media_folder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system.
CVE-2023-35860 1 Moderncampus 1 Omni Cms 2024-11-21 N/A 5.3 MEDIUM
A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to listing.php or rss.php.
CVE-2019-6268 2024-11-21 N/A 7.5 HIGH
RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow.
CVE-2024-41376 2024-08-06 N/A 8.8 HIGH
dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php.