Total: 6658 CVEs

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2024-25620 | 1 Helm | 1 Helm | 2025-01-09 | N/A | 6.4 MEDIUM | Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name. This issue has been resolved in Helm v3.14.1. Users unable to upgrade should check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file. This includes dependencies. |
| CVE-2023-27640 | 1 Tshirtecommerce | 1 Custom Product Designer | 2025-01-08 | N/A | 7.5 HIGH | An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files (without restriction on the extension and path). The content of the file is returned with base64 encoding. This was exploited in the wild in March 2023. |
| CVE-2024-55550 | 1 Mitel | 1 Micollab | 2025-01-08 | N/A | 2.7 LOW | Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation. |
| CVE-2024-41713 | 1 Mitel | 1 Micollab | 2025-01-08 | N/A | 9.1 CRITICAL | A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations. |
| CVE-2023-33524 | 1 Advent | 1 Tamale Rms | 2025-01-08 | N/A | 5.3 MEDIUM | Advent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal. If one traverses to the affected URL, one enumerates Contact information on the host which contains usernames, e-mail addresses, and other internal information stored within the web app. |
| CVE-2023-34407 | 1 Harbingergroup | 1 Office Player | 2025-01-08 | N/A | 7.5 HIGH | OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows directory traversal as LocalSystem via ..\ in a URL. |
| CVE-2024-43996 | 1 Wpmet | 1 Elementskit | 2025-01-08 | N/A | 6.5 MEDIUM | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ElementsKit ElementsKit Pro allows PHP Local File Inclusion. This issue affects ElementsKit Pro: from n/a through 3.6.0. |
| CVE-2023-34409 | 1 Percona | 1 Monitoring And Management | 2025-01-08 | N/A | 9.8 CRITICAL | In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly normalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API routes, leading to escalation of privileges and information disclosure. |
| CVE-2025-22130 | | | 2025-01-08 | N/A | N/A | Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2, a path traversal attack allows existing non-admin users to access and take over other users' repositories. A malicious user can then modify, delete, and arbitrarily repositories as if they were an admin user without explicitly being given permissions. This is patched in v0.8.2. |
| CVE-2023-33747 | 1 Mgt-commerce | 1 Cloudpanel | 2025-01-08 | N/A | 7.8 HIGH | CloudPanel v2.2.2 allows attackers to execute a path traversal. |
| CVE-2024-28088 | 1 Langchain | 1 Langchain | 2025-01-08 | N/A | 8.1 HIGH | LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.) |
| CVE-2024-12105 | 1 Progress | 1 Whatsup Gold | 2025-01-08 | N/A | 6.5 MEDIUM | In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. |
| CVE-2024-54382 | 1 Bold-themes | 1 Bold Page Builder | 2025-01-07 | N/A | 4.9 MEDIUM | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldThemes Bold Page Builder allows Path Traversal. This issue affects Bold Page Builder: from n/a through 5.1.5. |
| CVE-2024-12429 | | | 2025-01-07 | N/A | N/A | An attacker who successfully exploited these vulnerabilities could grant read access to files. A vulnerability exists in the AC500 V3 version mentioned. A successfully authenticated attacker can use this vulnerability to read system-wide files and configuration. All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability. |
| CVE-2024-56286 | | | 2025-01-07 | N/A | N/A | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Classic Addons Classic Addons – WPBakery Page Builder allows PHP Local File Inclusion. This issue affects Classic Addons – WPBakery Page Builder: from n/a through 3.0. |
| CVE-2024-12152 | | | 2025-01-07 | N/A | 7.5 HIGH | The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'mipl_wc_sync_download_log' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. |
| CVE-2024-12849 | | | 2025-01-07 | N/A | 7.5 HIGH | The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. |
| CVE-2023-30198 | 1 Webbax | 1 Winbizpayment | 2025-01-06 | N/A | 7.5 HIGH | Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php. |
| CVE-2024-12793 | 1 Pbootcms | 1 Pbootcms | 2025-01-06 | N/A | 4.3 MEDIUM | A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. Affected by this issue is some unknown functionality of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.4 is able to address this issue. It is recommended to upgrade the affected component. |
| CVE-2024-1703 | 1 Crmeb | 1 Crmeb | 2025-01-03 | N/A | 5.3 MEDIUM | A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation leads to absolute path traversal. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
