Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39036 | 1 Seacms | 1 Seacms | 2024-08-21 | N/A | 6.5 MEDIUM |
| SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php. | |||||
| CVE-2024-5018 | 1 Progress | 1 Whatsup Gold | 2024-08-21 | N/A | 7.5 HIGH |
| In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists in Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows reading of any file from the application's web-root directory. | |||||
| CVE-2024-24320 | 1 Mgt-commerce | 1 Cloudpanel | 2024-08-21 | N/A | 8.8 HIGH |
| Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function. | |||||
| CVE-2024-5019 | 1 Progress | 1 Whatsup Gold | 2024-08-21 | N/A | 7.5 HIGH |
| In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole privileges. | |||||
| CVE-2024-5017 | 1 Progress | 1 Whatsup Gold | 2024-08-21 | N/A | 6.5 MEDIUM |
| In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead to information disclosure. | |||||
| CVE-2024-37089 | 1 Stylemixthemes | 1 Consulting Elementor Widgets | 2024-08-20 | N/A | 9.8 CRITICAL |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion. This issue affects Consulting Elementor Widgets: from n/a through 1.3.0. | |||||
| CVE-2024-37092 | 1 Stylemixthemes | 1 Consulting Elementor Widgets | 2024-08-20 | N/A | 8.8 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion. This issue affects Consulting Elementor Widgets: from n/a through 1.3.0. | |||||
| CVE-2024-27120 | 1 Celsiusbenelux | 1 Comfortkey | 2024-08-20 | N/A | 7.5 HIGH |
| A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system. The vulnerability has been remediated in version 24.1.2. | |||||
| CVE-2024-41936 | 1 Vonets | 28 Vap11ac, Vap11ac Firmware, Vap11g and 25 more | 2024-08-20 | N/A | 7.5 HIGH |
| A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to read arbitrary files and bypass authentication. | |||||
| CVE-2024-43399 | 1 Opensecurity | 1 Mobile Security Framework | 2024-08-20 | N/A | 9.8 CRITICAL |
| Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure intended to prevent Zip Slip attacks is improperly implemented. Since the implemented measure can be bypassed, the vulnerability allows an attacker to extract files to any desired location within the server running MobSF. This vulnerability is fixed in 4.0.7. | |||||
| CVE-2024-7924 | 1 Zzcms | 1 Zzcms | 2024-08-20 | N/A | 7.5 HIGH |
| A vulnerability was found in ZZCMS 2023. It has been declared as critical. This vulnerability affects unknown code of the file /I/list.php. The manipulation of the argument skin leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-43345 | | | 2024-08-20 | N/A | N/A |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PluginOps Landing Page Builder allows PHP Local File Inclusion. This issue affects Landing Page Builder: from n/a through 1.5.2.0. | |||||
| CVE-2024-7248 | 1 Comodo | 1 Internet Security | 2024-08-20 | N/A | 7.8 HIGH |
| Comodo Internet Security Pro Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update mechanism. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-19055. | |||||
| CVE-2024-43232 | | | 2024-08-19 | N/A | N/A |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP OnlineSupport, Essential Plugin Timeline and History slider allows PHP Local File Inclusion. This issue affects Timeline and History slider: from n/a through 2.3. | |||||
| CVE-2024-43221 | | | 2024-08-19 | N/A | N/A |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetGridBuilder allows PHP Local File Inclusion. This issue affects JetGridBuilder: from n/a through 1.1.2. | |||||
| CVE-2024-43271 | | | 2024-08-19 | N/A | N/A |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themelocation Woo Products Widgets For Elementor allows PHP Local File Inclusion. This issue affects Woo Products Widgets For Elementor: from n/a through 2.0.0. | |||||
| CVE-2024-43281 | | | 2024-08-19 | N/A | N/A |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VOID CODERS Void Elementor Post Grid Addon for Elementor Page builder allows PHP Local File Inclusion. This issue affects Void Elementor Post Grid Addon for Elementor Page builder: from n/a through 2.3. | |||||
| CVE-2024-6781 | 1 Calibre-ebook | 1 Calibre | 2024-08-19 | N/A | 7.5 HIGH |
| Path traversal in Calibre <= 7.14.0 allows unauthenticated attackers to achieve arbitrary file read. | |||||
| CVE-2024-22377 | 1 Pingidentity | 1 Pingfederate | 2024-08-19 | N/A | 5.3 MEDIUM |
| The deploy directory in PingFederate runtime nodes is reachable to unauthorized users. | |||||
| CVE-2024-43373 | 2 J4k0xb, Microsoft | 2 Webcrack, Windows | 2024-08-16 | N/A | 7.8 HIGH |
| webcrack is a tool for reverse engineering JavaScript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature. If a module name includes a path traversal sequence with Windows path separators, an attacker can exploit this to overwrite files on the host system. This vulnerability allows an attacker to write arbitrary `.js` files to the host system, which can be leveraged to hijack legitimate Node.js modules to gain arbitrary code execution. This vulnerability has been patched in version 2.14.1. | |||||
