Total
7067 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8291 | 1 Concretecms | 1 Concrete Cms | 2025-01-17 | 4.8 Medium |
| Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks, Alexey Solovyev for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC). | ||||
| CVE-2024-35274 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer Big Data, Fortimanager | 2025-01-17 | 2.2 Low |
| An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests. | ||||
| CVE-2024-1358 | 1 Webtechstreet | 1 Elementor Addon Elements | 2025-01-17 | 8.8 High |
| The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on the server, which may expose sensitive information. | ||||
| CVE-2023-28408 | 1 Mw Wp Form Project | 1 Mw Wp Form | 2025-01-17 | 9.8 Critical |
| Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information depending on settings. | ||||
| CVE-2023-25914 | 1 Danfoss | 2 Ak-sm 800a, Ak-sm 800a Firmware | 2025-01-17 | 8.8 High |
| Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise. | ||||
| CVE-2024-26129 | 1 Prestashop | 1 Prestashop | 2025-01-17 | 5.8 Medium |
| PrestaShop is an open-source e-commerce platform. Starting in version 8.1.0 and prior to version 8.1.4, PrestaShop is vulnerable to path disclosure in a JavaScript variable. A patch is available in version 8.1.4. | ||||
| CVE-2007-4559 | 2 Python, Redhat | 4 Python, Enterprise Linux, Rhel Eus and 1 more | 2025-01-17 | 9.8 Critical |
| Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. | ||||
| CVE-2022-4636 | 1 Blackbox | 10 Acr1000a-r-r2, Acr1000a-r-r2 Firmware, Acr1000a-t-r2 and 7 more | 2025-01-16 | 7.5 High |
| Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T is vulnerable to path traversal, which may allow an attacker to steal user credentials and other sensitive information through local file inclusion. | ||||
| CVE-2022-2893 | 1 Ronds | 1 Equipment Predictive Maintenance | 2025-01-16 | 8.2 High |
| RONDS EPM version 1.19.5 does not properly validate the filename parameter, which could allow an unauthorized user to specify file paths and download files. | ||||
| CVE-2023-0104 | 1 Weintek | 1 Easybuilder Pro | 2025-01-16 | 9.3 Critical |
| The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data. | ||||
| CVE-2023-1134 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 7.1 High |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges. | ||||
| CVE-2023-1142 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 7.5 High |
| In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation. | ||||
| CVE-2023-0956 | 1 Tel-ster | 1 Telwin Scada Webinterface | 2025-01-16 | 7.5 High |
| External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system. | ||||
| CVE-2023-38256 | 1 Doverfuelingsolutions | 2 Maglink Lx 3, Maglink Lx Web Console Configuration | 2025-01-16 | 6.8 Medium |
| Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 vulnerable to a path traversal attack, which could allow an attacker to access files stored on the system. | ||||
| CVE-2024-13181 | 1 Ivanti | 1 Avalanche | 2025-01-16 | 7.3 High |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010. | ||||
| CVE-2024-13180 | 1 Ivanti | 1 Avalanche | 2025-01-16 | 7.5 High |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011. | ||||
| CVE-2024-13179 | 1 Ivanti | 1 Avalanche | 2025-01-16 | 7.3 High |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. | ||||
| CVE-2023-26215 | 1 Tibco | 1 Ebx Add-ons | 2025-01-16 | 7.7 High |
| The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application access to read system files that are accessible to the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below. | ||||
| CVE-2023-26216 | 1 Tibco | 1 Ebx Add-ons | 2025-01-16 | 9.1 Critical |
| The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an exploitable vulnerability that allows an attacker to upload files to a directory accessible by the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below. | ||||
| CVE-2023-31861 | 1 Zlmediakit | 1 Zlmediakit | 2025-01-16 | 7.5 High |
| ZLMediaKit 4.0 is vulnerable to Directory Traversal. | ||||