Total: 6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43955 | 1 Themeum | 1 Droip | 2024-08-30 | N/A | 7.5 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation. This issue affects Droip: from n/a through 1.1.1. | |||||
| CVE-2024-6255 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2024-08-30 | N/A | 9.1 CRITICAL |
| A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This issue arises due to improper validation of file paths, enabling directory traversal attacks. An attacker can exploit this vulnerability to disrupt the functioning of the system, manipulate settings, or potentially cause data loss or corruption. | |||||
| CVE-2024-45436 | 1 Ollama | 1 Ollama | 2024-08-30 | N/A | 7.5 HIGH |
| extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory. | |||||
| CVE-2024-24482 | 2 Apktool, Microsoft | 2 Apktool, Windows | 2024-08-29 | N/A | 9.8 CRITICAL |
| Apktool before 2.9.3 on Windows allows ../ and /.. directory traversal. | |||||
| CVE-2024-5865 | 1 Delinea | 1 Privileged Access Service | 2024-08-29 | N/A | 6.5 MEDIUM |
| Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to a path traversal vulnerability allowing reading of arbitrary files outside the web publish directory. Versions 23.1-HF7 and on have the patch. | |||||
| CVE-2024-5866 | 1 Delinea | 1 Privileged Access Service | 2024-08-29 | N/A | 4.3 MEDIUM |
| Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to a path traversal vulnerability allowing listing of an arbitrary directory outside the root directory of the web application. Versions 23.1-HF7 and on have the patch. | |||||
| CVE-2024-37266 | 1 Themeum | 1 Tutor Lms | 2024-08-29 | N/A | 7.2 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal. This issue affects Tutor LMS: from n/a through 2.7.1. | |||||
| CVE-2024-37268 | 1 Kaptinlin | 1 Striking | 2024-08-29 | N/A | 8.8 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in kaptinlin Striking allows Path Traversal. This issue affects Striking: from n/a through 2.3.4. | |||||
| CVE-2024-37419 | 1 Codeless | 1 Cowidgets | 2024-08-29 | N/A | 8.8 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Codeless Cowidgets – Elementor Addons allows Path Traversal. This issue affects Cowidgets – Elementor Addons: from n/a through 1.1.1. | |||||
| CVE-2024-37437 | 1 Elementor | 1 Website Builder | 2024-08-29 | N/A | 5.4 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Cross-Site Scripting (XSS), Stored XSS. This issue affects Elementor Website Builder: from n/a through 3.22.1. | |||||
| CVE-2024-37454 | 1 Awsm | 1 Awsm Team | 2024-08-29 | N/A | 8.8 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AWSM Innovations AWSM Team allows Path Traversal. This issue affects AWSM Team: from n/a through 1.3.1. | |||||
| CVE-2024-37520 | 1 Radiustheme | 1 Shopbuilder | 2024-08-29 | N/A | 8.8 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons allows Path Traversal. This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through 2.1.12. | |||||
| CVE-2024-37462 | 1 G5plus | 1 Ultimate Bootstrap Elements For Elementor | 2024-08-29 | N/A | 8.8 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows Path Traversal. This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.2. | |||||
| CVE-2024-43140 | 1 G5plus | 1 Ultimate Bootstrap Elements For Elementor | 2024-08-29 | N/A | 8.8 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion. This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.4. | |||||
| CVE-2024-42408 | 1 Dorsettcontrols | 1 Infoscan | 2024-08-29 | N/A | 3.7 LOW |
| The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure. | |||||
| CVE-2023-46455 | 1 Gl-inet | 2 Gl-ar300m, Gl-ar300m Firmware | 2024-08-28 | N/A | 7.5 HIGH |
| In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality. | |||||
| CVE-2023-3406 | 1 M-files | 1 Classic Web | 2024-08-28 | N/A | 6.5 MEDIUM |
| Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows an authenticated user to read some restricted files on the web server. | |||||
| CVE-2024-5182 | 1 Mudler | 1 Localai | 2024-08-27 | N/A | 9.1 CRITICAL |
| A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated `model` parameter, an attacker can traverse the directory structure and target files outside of the intended directory, leading to the deletion of sensitive data. This vulnerability is due to insufficient input validation and sanitization of the `model` parameter. | |||||
| CVE-2024-22514 | 1 Ispyconnect | 1 Agent Dvr | 2024-08-26 | N/A | 8.8 HIGH |
| An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file. | |||||
| CVE-2024-7782 | 1 Bitapps | 1 Contact Form Builder | 2024-08-26 | N/A | 6.5 MEDIUM |
| The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | |||||
