Total: 6776 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-34645 | 1 Jflyfox | 1 Jfinal Cms | 2024-12-18 | 7.5 High |
jfinal CMS 5.1.0 has an arbitrary file read vulnerability. | ||||
CVE-2023-42791 | 1 Fortinet | 1 Fortimanager | 2024-12-17 | 8.6 High |
A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | ||||
CVE-2024-54382 | | | 2024-12-16 | 4.9 Medium |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldThemes Bold Page Builder allows Path Traversal. This issue affects Bold Page Builder: from n/a through 5.1.5. | ||||
CVE-2024-11833 | | | 2024-12-16 | N/A |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1. | ||||
CVE-2024-11834 | | | 2024-12-16 | 9.1 Critical |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1. | ||||
CVE-2024-54373 | | | 2024-12-16 | 7.5 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chris Gårdenberg, MultiNet Interactive AB EduAdmin Booking allows PHP Local File Inclusion. This issue affects EduAdmin Booking: from n/a through 5.2.0. | ||||
CVE-2024-54380 | | | 2024-12-16 | 7.5 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Filippo Bodei WP Cookies Enabler allows PHP Local File Inclusion. This issue affects WP Cookies Enabler: from n/a through 1.0.1. | ||||
CVE-2024-54375 | | | 2024-12-16 | 7.5 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Taieb Woolook allows PHP Local File Inclusion. This issue affects Woolook: from n/a through 1.7.0. | ||||
CVE-2024-54374 | | | 2024-12-16 | 7.5 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Taieb Sogrid allows PHP Local File Inclusion. This issue affects Sogrid: from n/a through 1.5.6. | ||||
CVE-2024-12362 | | | 2024-12-16 | 4.3 Medium |
A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | ||||
CVE-2024-36362 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | 6.5 Medium |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible | ||||
CVE-2024-27199 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | 7.3 High |
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible | ||||
CVE-2024-54489 | 1 Apple | 1 Macos | 2024-12-13 | 5.3 Medium |
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Running a mount command may unexpectedly execute arbitrary code. | ||||
CVE-2024-12482 | 1 Cjbi | 1 Wetech-cms | 2024-12-13 | 4.3 Medium |
A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been rated as problematic. Affected by this issue is the function backup of the file wetech-cms-master\wetech-basic-common\src\main\java\tech\wetech\basic\util\BackupFileUtil.java of the component Database Backup Handler. The manipulation of the argument name leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-54259 | | | 2024-12-13 | 6.5 Medium |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DELUCKS GmbH DELUCKS SEO allows Path Traversal. This issue affects DELUCKS SEO: from n/a through 2.5.5. | ||||
CVE-2024-30270 | | | 2024-12-13 | 6.2 Medium |
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the `rspamd_maps()` function. It allows authenticated admin users to overwrite any file writable by the www-data user by exploiting improper path validation. The exploit chain can lead to the execution of arbitrary commands on the server. Version 2024-04 contains a patch for the issue. | ||||
CVE-2024-27869 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2024-12-12 | 7.5 High |
The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to record the screen without an indicator. | ||||
CVE-2024-2434 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 8.5 High |
An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read. | ||||
CVE-2024-55587 | | | 2024-12-12 | 8.8 High |
python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract. | ||||
CVE-2024-55657 | | | 2024-12-12 | N/A |
SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's `/api/template/render` endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Version 3.1.16 contains a patch for the issue. |