Total
32 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-11136 | | | 2024-11-15 | N/A | N/A |
The default TCL Camera application exposes a provider vulnerable to path traversal. A malicious application can supply a malicious URI path and delete arbitrary files from the user’s external storage. | |||||
CVE-2024-0067 | | | 2024-11-08 | N/A | 4.3 MEDIUM |
Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ledlimit.cgi was vulnerable to path traversal attacks that allow listing folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
CVE-2024-51582 | 1 Thimpress | 1 Wp Hotel Booking | 2024-11-06 | N/A | 8.8 HIGH |
Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking allows PHP Local File Inclusion. This issue affects WP Hotel Booking: from n/a through 2.1.4. | |||||
CVE-2024-49770 | | | 2024-11-01 | N/A | N/A |
`oak` is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default `oak` does not allow transferring hidden files with the `Context.send` API. However, prior to version 17.1.3, this can be bypassed by encoding `/` in its URL-encoded form `%2F`. This gives an attacker the potential to read sensitive user data or to gain access to server secrets. Version 17.1.3 fixes the issue. | |||||
CVE-2024-47171 | 1 Agnai | 1 Agnai | 2024-10-30 | N/A | 4.3 MEDIUM |
Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files to an attacker-chosen location on the server. This issue can lead to image file uploads to unauthorized or unintended directories, including overwriting of existing images, which may be used for defacement. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. Version 1.0.330 fixes this vulnerability. | |||||
CVE-2024-47169 | 1 Agnai | 1 Agnai | 2024-10-30 | N/A | 8.8 HIGH |
Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, data leakage, and other critical security threats. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. This does affect publicly hosted installs without S3-compatible storage. Version 1.0.330 fixes this vulnerability. | |||||
CVE-2024-47170 | 1 Agnai | 1 Agnai | 2024-10-29 | N/A | 4.3 MEDIUM |
Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information and exposure of confidential configuration files. This only affects installations with `JSON_STORAGE` enabled, which is intended for local/self-hosting only. Version 1.0.330 fixes this issue. | |||||
CVE-2024-49258 | | | 2024-10-16 | N/A | 6.5 MEDIUM |
Path Traversal: '.../...//' vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery. This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7. | |||||
CVE-2024-45248 | | | 2024-10-07 | N/A | 7.5 HIGH |
Multi-DNC – CWE-35: Path Traversal: '.../...//' | |||||
CVE-2024-0113 | 1 Nvidia | 5 Mellanox Os, Metrox-2, Metrox-3 Xc and 2 more | 2024-09-11 | N/A | 8.8 HIGH |
NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure. | |||||
CVE-2024-7608 | | | 2024-08-28 | N/A | 5.9 MEDIUM |
An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal. | |||||
CVE-2024-45190 | | | 2024-08-26 | N/A | 6.5 MEDIUM |
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request |