Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6825 | 1 Mndpsingh287 | 1 File Manager | 2025-01-21 | N/A | 9.9 CRITICAL |
| The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for attackers to read the contents of arbitrary files on the server, which can contain sensitive information and to upload files into directories other than the intended directory for file uploads. The free version requires Administrator access for this vulnerability to be exploitable. The Pro version allows a file manager to be embedded via a shortcode and also allows admins to grant file handling privileges to other user levels, which could lead to this vulnerability being exploited by lower-level users. | |||||
| CVE-2024-28976 | 1 Dell | 1 Repository Manager | 2025-01-21 | N/A | 7.8 HIGH |
| Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the running web application. | |||||
| CVE-2024-28977 | 1 Dell | 1 Repository Manager | 2025-01-21 | N/A | 5.5 MEDIUM |
| Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in logger module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem with the privileges of the running web application. | |||||
| CVE-2024-27764 | 1 Jeewms | 1 Jeewms | 2025-01-21 | N/A | 9.8 CRITICAL |
| An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component. | |||||
| CVE-2024-22723 | 1 Webtrees | 1 Webtrees | 2025-01-21 | N/A | 4.9 MEDIUM |
| Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "media_folder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system. | |||||
| CVE-2024-28222 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2025-01-21 | N/A | 9.8 CRITICAL |
| In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file. | |||||
| CVE-2024-3484 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 9.8 CRITICAL |
| Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file disclosure. | |||||
| CVE-2024-27765 | 1 Jeewms | 1 Jeewms | 2025-01-21 | N/A | 7.5 HIGH |
| Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component. | |||||
| CVE-2009-1936 | 1 Cpcommerce Project | 1 Cpcommerce | 2025-01-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| _functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, or read arbitrary files via the GLOBALS[prefix] parameter, a different vector than CVE-2003-1500. | |||||
| CVE-2025-0615 | 2025-01-21 | N/A | N/A | ||
| Input validation vulnerability in Qualifio's Wheel of Fortune. This vulnerability allows an attacker to modify an email to contain the ‘+’ symbol to access the application and win prizes as many times as wanted. | |||||
| CVE-2025-0614 | 2025-01-21 | N/A | N/A | ||
| Input validation vulnerability in Qualifio's Wheel of Fortune. This vulnerability could allow an attacker to modify a single email to contain upper and lower case characters in order to access the application and win prizes as many times as wanted. | |||||
| CVE-2024-35274 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer Big Data, Fortimanager | 2025-01-17 | N/A | 2.3 LOW |
| An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests. | |||||
| CVE-2024-1358 | 1 Webtechstreet | 1 Elementor Addon Elements | 2025-01-17 | N/A | 6.5 MEDIUM |
| The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on the server, which may expose sensitive information. | |||||
| CVE-2023-28408 | 1 Mw Wp Form Project | 1 Mw Wp Form | 2025-01-17 | N/A | 9.8 CRITICAL |
| Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information depending on settings. | |||||
| CVE-2023-25914 | 1 Danfoss | 2 Ak-sm 800a, Ak-sm 800a Firmware | 2025-01-17 | N/A | 8.8 HIGH |
| Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise. | |||||
| CVE-2024-26129 | 1 Prestashop | 1 Prestashop | 2025-01-17 | N/A | 5.3 MEDIUM |
| PrestaShop is an open-source e-commerce platform. Starting in version 8.1.0 and prior to version 8.1.4, PrestaShop is vulnerable to path disclosure in a JavaScript variable. A patch is available in version 8.1.4. | |||||
| CVE-2007-4559 | 1 Python | 1 Python | 2025-01-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. | |||||
| CVE-2024-13181 | 1 Ivanti | 1 Avalanche | 2025-01-16 | N/A | 9.8 CRITICAL |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010. | |||||
| CVE-2024-13180 | 1 Ivanti | 1 Avalanche | 2025-01-16 | N/A | 7.5 HIGH |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011. | |||||
| CVE-2024-13179 | 1 Ivanti | 1 Avalanche | 2025-01-16 | N/A | 9.8 CRITICAL |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. | |||||