Total
213 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27175 | 2025-02-13 | 4.4 Medium | ||
| Remote Command program allows an attacker to read any file using a Local File Inclusion vulnerability. An attacker can read any file on the printer. As for the affected products/models/versions, see the reference URL. | ||||
| CVE-2024-25975 | 1 Hawki | 1 Hawki | 2025-02-13 | 6.5 Medium |
| The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is possible to overwrite all files for which the webserver has write access. It is required to supply a relative path (path traversal). | ||||
| CVE-2024-1603 | 1 Paddlepaddle | 2 Paddle, Paddlepaddle | 2025-02-13 | 7.5 High |
| paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file. | ||||
| CVE-2023-38546 | 2 Haxx, Redhat | 6 Libcurl, Enterprise Linux, Jboss Core Services and 3 more | 2025-02-13 | 3.7 Low |
| This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course. | ||||
| CVE-2023-0003 | 2 Fedoraproject, Paloaltonetworks | 2 Fedora, Cortex Xsoar | 2025-02-13 | 6.5 Medium |
| A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server. | ||||
| CVE-2023-32615 | 1 Openautomationsoftware | 1 Oas Platform | 2025-02-13 | 6.5 Medium |
| A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2025-0630 | 2025-02-12 | 6.5 Medium | ||
| Multiple Western Telematic (WTI) products contain a web interface that is vulnerable to a local file inclusion attack (LFI), where any authenticated user has privileged access to files on the device's filesystem. | ||||
| CVE-2025-0851 | 2025-02-12 | 9.8 Critical | ||
| A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations. | ||||
| CVE-2023-2554 | 1 Bumsys Project | 1 Bumsys | 2025-02-12 | 7.2 High |
| External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0. | ||||
| CVE-2023-29324 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-02-11 | 6.5 Medium |
| Windows MSHTML Platform Security Feature Bypass Vulnerability | ||||
| CVE-2024-12058 | 2025-02-11 | 6.8 Medium | ||
| External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files. | ||||
| CVE-2023-0008 | 1 Paloaltonetworks | 1 Pan-os | 2025-02-10 | 4.4 Medium |
| A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition. | ||||
| CVE-2024-12875 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-02-07 | 4.9 Medium |
| The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2024-27943 | 1 Siemens | 1 Ruggedcom Crossbow | 2025-02-06 | 7.2 High |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution. | ||||
| CVE-2024-27944 | 1 Siemens | 1 Ruggedcom Crossbow | 2025-02-06 | 7.2 High |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload firmware files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution. | ||||
| CVE-2024-27945 | 1 Siemens | 1 Ruggedcom Crossbow | 2025-02-06 | 7.2 High |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allow a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution. | ||||
| CVE-2024-25117 | 2 Dompdf, Php | 2 Php-svg-lib, Php | 2025-02-05 | 6.8 Medium |
| php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP < 8.0, and doesn't validate if external references are allowed. This might leads to bypass of restrictions or RCE on projects that are using it, if they do not strictly revalidate the fontName that is passed by php-svg-lib. The `Style::fromAttributes(`), or the `Style::parseCssStyle()` should check the content of the `font-family` and prevents it to use a PHAR url, to avoid passing an invalid and dangerous `fontName` value to other libraries. The same check as done in the `Style::fromStyleSheets` might be reused. Libraries using this library as a dependency might be vulnerable to some bypass of restrictions, or even remote code execution, if they do not double check the value of the `fontName` that is passed by php-svg-lib. Version 0.5.2 contains a fix for this issue. | ||||
| CVE-2024-12861 | 1 Villatheme | 1 W2s | 2025-01-31 | 6.5 Medium |
| The W2S – Migrate WooCommerce to Shopify plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.2.1 via the 'viw2s_view_log' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2024-43451 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-30 | 6.5 Medium |
| NTLM Hash Disclosure Spoofing Vulnerability | ||||
| CVE-2024-38029 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2025-01-29 | 7.5 High |
| Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | ||||