ReportizFlow
Filtered by vendor
Subscriptions
Total
121 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26935 | 1 Wpjobportal | 1 Wp Job Portal | 2025-03-25 | 7.5 High |
| Path Traversal vulnerability in wpjobportal WP Job Portal allows PHP Local File Inclusion. This issue affects WP Job Portal: from n/a through 2.2.8. | ||||
| CVE-2025-26940 | 2025-03-18 | 6.3 Medium | ||
| Path Traversal vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2. | ||||
| CVE-2024-47170 | 1 Agnai | 1 Agnai | 2025-03-13 | 4.3 Medium |
| Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information and exposure of confidential configuration files. This only affects installations with `JSON_STORAGE` enabled which is intended to local/self-hosting only. Version 1.0.330 fixes this issue. | ||||
| CVE-2025-27274 | 2025-03-03 | 4.9 Medium | ||
| Path Traversal vulnerability in NotFound GPX Viewer allows Path Traversal. This issue affects GPX Viewer: from n/a through 2.2.11. | ||||
| CVE-2024-36991 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2025-02-28 | 7.5 High |
| In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows. | ||||
| CVE-2023-32714 | 1 Splunk | 2 Splunk, Splunk App For Lookup File Editing | 2025-02-28 | 8.1 High |
| In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory. | ||||
| CVE-2022-48476 | 1 Jetbrains | 1 Ktor | 2025-02-04 | 7.5 High |
| In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible | ||||
| CVE-2025-24685 | 2025-01-27 | 8.1 High | ||
| Path Traversal vulnerability in MORKVA Morkva UA Shipping allows PHP Local File Inclusion. This issue affects Morkva UA Shipping: from n/a through 1.0.18. | ||||
| CVE-2024-49249 | 2025-01-07 | 8.6 High | ||
| Path Traversal vulnerability in SMSA Express SMSA Shipping allows Path Traversal.This issue affects SMSA Shipping: from n/a through 2.3. | ||||
| CVE-2023-7263 | 2024-12-28 | 7.3 High | ||
| Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change.(Vulnerability ID:HWPSIRT-2023-53450) This vulnerability has been assigned a (CVE)ID:CVE-2023-7263 | ||||
| CVE-2024-0113 | 1 Nvidia | 12 Mellanox Os Firmware, Metrox-2 Firmware, Metrox-3 Xc Firmware and 9 more | 2024-12-26 | 7.5 High |
| NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure. | ||||
| CVE-2023-7300 | 2024-12-26 | 8 High | ||
| Huawei Home Music System has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the music host file to be deleted or the file permission to be changed.(Vulnerability ID:HWPSIRT-2023-60613) | ||||
| CVE-2024-54216 | 2024-12-20 | 7.7 High | ||
| Path Traversal: '.../...//' vulnerability in Repute InfoSystems ARForms allows Path Traversal.This issue affects ARForms: from n/a through 6.4.1. | ||||
| CVE-2024-54313 | 2024-12-13 | 6.5 Medium | ||
| Path Traversal vulnerability in FULL. FULL Customer allows Path Traversal.This issue affects FULL Customer: from n/a through 3.1.25. | ||||
| CVE-2024-21575 | 2024-12-12 | 8.6 High | ||
| ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the `image.filename` field in a POST request sent to the `/upload/temp` endpoint added by the extension to the server. This results in writing arbitrary files to the file system which may, under some conditions, result in remote code execution (RCE). | ||||
| CVE-2024-52498 | 1 Softpulse Infotech | 1 Sp Blog Designer | 2024-11-29 | 7.5 High |
| Path Traversal: '.../...//' vulnerability in Softpulse Infotech SP Blog Designer allows PHP Local File Inclusion.This issue affects SP Blog Designer: from n/a through 1.0.0. | ||||
| CVE-2024-50054 | 1 Myscada | 2 Mypro Manager, Mypro Runtime | 2024-11-26 | 7.5 High |
| The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system. | ||||
| CVE-2024-45190 | 1 Mage | 1 Mage-ai | 2024-11-25 | 6.5 Medium |
| Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request | ||||
| CVE-2024-39171 | 1 Phpvibe | 1 Phpvibe | 2024-11-21 | 8.8 High |
| Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix. | ||||
| CVE-2024-27901 | 2024-11-21 | 7.2 High | ||
| SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application. | ||||