Vulnerabilities (CVE)

Filtered by CWE-35
Total 60 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-41972 2025-02-03 N/A N/A
A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges.
CVE-2024-41973 2025-02-03 N/A N/A
A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to arbitrary file writes with root privileges.
CVE-2025-24685 2025-01-27 N/A N/A
Path Traversal vulnerability in MORKVA Morkva UA Shipping allows PHP Local File Inclusion. This issue affects Morkva UA Shipping: from n/a through 1.0.18.
CVE-2024-49249 2025-01-07 N/A N/A
Path Traversal vulnerability in SMSA Express SMSA Shipping allows Path Traversal. This issue affects SMSA Shipping: from n/a through 2.3.
CVE-2024-56045 2024-12-31 N/A N/A
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal. This issue affects WPLMS: from n/a before 1.9.9.5.
CVE-2024-56214 2024-12-31 N/A N/A
Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro allows Path Traversal. This issue affects Userpro: from n/a through 5.1.9.
CVE-2024-56055 2024-12-18 N/A N/A
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal. This issue affects WPLMS: from n/a before 1.9.9.5.2.
CVE-2024-56049 2024-12-18 N/A N/A
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal. This issue affects WPLMS: from n/a before 1.9.9.5.2.
CVE-2024-54313 2024-12-13 N/A N/A
Path Traversal vulnerability in FULL. FULL Customer allows Path Traversal. This issue affects FULL Customer: from n/a through 3.1.25.
CVE-2024-45190 2024-11-25 N/A N/A
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request.
CVE-2024-52447 2024-11-20 N/A N/A
Path Traversal: '.../...//' vulnerability in Corporate Zen Contact Page With Google Map allows Path Traversal. This issue affects Contact Page With Google Map: from n/a through 1.6.1.
CVE-2024-52390 2024-11-19 N/A N/A
Path Traversal: '.../...//' vulnerability in CYAN Backup allows Path Traversal. This issue affects CYAN Backup: from n/a through 2.5.3.
CVE-2024-49770 2024-11-01 N/A N/A
`oak` is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default `oak` does not allow transferring of hidden files with `Context.send` API. However, prior to version 17.1.3, this can be bypassed by encoding `/` as its URL encoded form `%2F`. For an attacker this has potential to read sensitive user data or to gain access to server secrets. Version 17.1.3 fixes the issue.
CVE-2024-47169 1 Agnai 1 Agnai 2024-10-30 N/A 8.8 HIGH
Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, data leakage, and other critical security threats. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. This does affect publicly hosted installs without S3-compatible storage. Version 1.0.330 fixes this vulnerability.
CVE-2024-49258 2024-10-16 N/A N/A
Path Traversal: '.../...//' vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery. This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7.
CVE-2024-45248 2024-10-07 N/A N/A
Multi-DNC – CWE-35: Path Traversal: '.../...//'
CVE-2022-2265 1 Identity And Directory Management System Project 1 Identity And Directory Management System 2024-09-16 N/A 7.5 HIGH
The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated path traversal vulnerability. This has been fixed in version 2.1.25.
CVE-2024-7608 2024-08-28 N/A N/A
An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal.
CVE-2024-27901 2024-04-09 N/A N/A
SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by users and pass it through to the file APIs, thus causing a considerable impact on confidentiality, integrity and availability of the application.
CVE-2022-3693 1 Fileorbis 1 Fileorbis 2023-04-16 N/A 7.5 HIGH
Path Traversal vulnerability in Deytek Informatics FileOrbis File Management System allows Path Traversal. This issue affects FileOrbis File Management System: from unspecified before 10.6.3.