Total: 6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-47559 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | N/A | 8.8 HIGH |
| Authenticated RCE via Path Traversal | |||||
| CVE-2024-47558 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | N/A | 8.8 HIGH |
| Authenticated RCE via Path Traversal | |||||
| CVE-2024-47556 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | N/A | 9.8 CRITICAL |
| Pre-Auth RCE via Path Traversal | |||||
| CVE-2024-47557 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | N/A | 9.8 CRITICAL |
| Pre-Auth RCE via Path Traversal | |||||
| CVE-2024-47645 | | | 2024-10-16 | N/A | N/A |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sajid Javed Top Bar – PopUps – by WPOptin allows PHP Local File Inclusion. This issue affects Top Bar – PopUps – by WPOptin: from n/a through 2.0.1. | |||||
| CVE-2024-47351 | | | 2024-10-16 | N/A | N/A |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The CSSIgniter Team MaxSlider allows Path Traversal. This issue affects MaxSlider: from n/a through 1.2.3. | |||||
| CVE-2024-48914 | | | 2024-10-16 | N/A | N/A |
| Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the server. In the same code path is an additional vector for crashing the server via a malformed URI. Patches are available in versions 3.0.5 and 2.3.3. Some workarounds are also available. One may use object storage rather than the local file system, e.g. MinIO or S3, or define middleware which detects and blocks requests with urls containing `/../`. | |||||
| CVE-2024-49245 | | | 2024-10-16 | N/A | N/A |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ahime Ahime Image Printer. This issue affects Ahime Image Printer: from n/a through 1.0.0. | |||||
| CVE-2024-47841 | 1 Wikimedia | 1 Wikimedia-extensions-css | 2024-10-16 | N/A | 7.5 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal. This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9. | |||||
| CVE-2024-39406 | 1 Adobe | 2 Commerce, Magento | 2024-10-16 | N/A | 6.8 MEDIUM |
| Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed. | |||||
| CVE-2024-9381 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2024-10-16 | N/A | 7.2 HIGH |
| Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. | |||||
| CVE-2024-47010 | 1 Ivanti | 1 Avalanche | 2024-10-16 | N/A | 9.8 CRITICAL |
| Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | |||||
| CVE-2024-47011 | 1 Ivanti | 1 Avalanche | 2024-10-16 | N/A | 7.5 HIGH |
| Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. | |||||
| CVE-2024-47009 | 1 Ivanti | 1 Avalanche | 2024-10-16 | N/A | 9.8 CRITICAL |
| Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | |||||
| CVE-2023-7260 | 1 Opentext | 1 Cx-e Voice | 2024-10-16 | N/A | 7.5 HIGH |
| Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all versions through 22.4. The vulnerability could allow arbitrary access to files on the system. | |||||
| CVE-2017-9511 | 2 Atlassian, Microsoft | 3 Crucible, Fisheye, Windows | 2024-10-15 | 5.0 MEDIUM | 7.5 HIGH |
| The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system. | |||||
| CVE-2024-2624 | 1 Lollms | 1 Lollms Web Ui | 2024-10-15 | N/A | 9.8 CRITICAL |
| A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the `@router.get("/switch_personal_path")` endpoint in `./lollms-webui/lollms_core/lollms/server/endpoints/lollms_user.py`. The vulnerability arises due to insufficient sanitization of user-supplied input for the `path` parameter, allowing an attacker to specify arbitrary file system paths. This flaw enables direct arbitrary file uploads, leakage of `personal_data`, and overwriting of configurations in `lollms-webui`->`configs` by exploiting the same named directory in `personal_data`. The issue affects the latest version of the application and is fixed in version 9.4. Successful exploitation could lead to sensitive information disclosure, unauthorized file uploads, and potentially remote code execution by overwriting critical configuration files. | |||||
| CVE-2023-48848 | 1 Ureport Project | 1 Ureport | 2024-10-15 | N/A | 7.5 HIGH |
| An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path. | |||||
| CVE-2024-36991 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2024-10-15 | N/A | 7.5 HIGH |
| In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows. | |||||
| CVE-2024-7514 | | | 2024-10-15 | N/A | 6.5 MEDIUM |
| The WordPress Comments Import & Export plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. The issue was partially fixed in version 2.3.8 and fully fixed in 2.3.9. | |||||
