Total
7067 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-33690 | 1 Sonicjs | 1 Sonicjs | 2025-01-08 | 6.5 Medium |
SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS. | ||||
CVE-2023-3031 | 1 Webbax | 1 King-avis | 2025-01-08 | 4.9 Medium |
Improper Limitation of a Pathname leads to a Path Traversal vulnerability in the module King-Avis for Prestashop, allowing a user knowing the download token to read arbitrary local files. This issue affects King-Avis: before 17.3.15. | ||||
CVE-2023-34407 | 1 Harbingergroup | 1 Office Player | 2025-01-08 | 7.5 High |
OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows directory traversal as LocalSystem via ..\ in a URL. | ||||
CVE-2024-43996 | 1 Wpmet | 1 Elementskit | 2025-01-08 | 6.5 Medium |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ElementsKit ElementsKit Pro allows PHP Local File Inclusion. This issue affects ElementsKit Pro: from n/a through 3.6.0. | ||||
CVE-2023-34409 | 1 Percona | 1 Monitoring And Management | 2025-01-08 | 9.8 Critical |
In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API routes leading to escalation of privileges and information disclosure. | ||||
CVE-2023-33747 | 1 Mgt-commerce | 1 Cloudpanel | 2025-01-08 | 7.8 High |
CloudPanel v2.2.2 allows attackers to execute a path traversal. | ||||
CVE-2024-28088 | 1 Langchain | 1 Langchain | 2025-01-08 | 8.1 High |
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.) | ||||
CVE-2024-37464 | 1 Wpzoom | 1 Beaver Builder Addons | 2025-01-08 | 4.9 Medium |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPZOOM Beaver Builder Addons by WPZOOM allows Path Traversal. This issue affects Beaver Builder Addons by WPZOOM: from n/a through 1.3.5. | ||||
CVE-2024-25693 | 3 Esri, Linux, Microsoft | 3 Portal For Arcgis, Linux Kernel, Windows | 2025-01-08 | 9.9 Critical |
There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Successful exploitation may allow a remote, authenticated attacker to traverse the file system to access files or execute code outside of the intended directory. | ||||
CVE-2024-12105 | 1 Progress | 1 Whatsup Gold | 2025-01-08 | 6.5 Medium |
In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. | ||||
CVE-2025-21622 | | | 2025-01-07 | 7.5 High |
ClipBucket V5 provides open source video hosting with PHP. During the user avatar upload workflow, a user can choose to upload and change their avatar at any time. During deletion, ClipBucket checks for the avatar_url as a filepath within the avatars subdirectory. If the URL path exists within the avatars directory, ClipBucket will delete it. There is no check for path traversal sequences in the provided user input (stored in the DB as avatar_url) therefore the final $file variable could be tainted with path traversal sequences. This leads to file deletion outside of the intended scope of the avatars folder. This vulnerability is fixed in 5.5.1 - 237. | ||||
CVE-2024-54382 | 1 Bold-themes | 1 Bold Page Builder | 2025-01-07 | 4.9 Medium |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldThemes Bold Page Builder allows Path Traversal. This issue affects Bold Page Builder: from n/a through 5.1.5. | ||||
CVE-2024-12429 | | | 2025-01-07 | 4.3 Medium |
An attacker who successfully exploited these vulnerabilities could grant read access to files. A vulnerability exists in the AC500 V3 version mentioned. A successfully authenticated attacker can use this vulnerability to read system-wide files and configuration. All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability. | ||||
CVE-2025-21623 | | | 2025-01-07 | 7.5 High |
ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which results in a denial of service. | ||||
CVE-2024-12849 | | | 2025-01-07 | 7.5 High |
The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
CVE-2023-33510 | 1 Jeecg P3 Biz Chat Project | 1 Jeecg P3 Biz Chat | 2025-01-07 | 7.5 High |
Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters. | ||||
CVE-2024-12152 | | | 2025-01-07 | 7.5 High |
The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'mipl_wc_sync_download_log' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
CVE-2024-56286 | | | 2025-01-07 | 7.5 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Classic Addons Classic Addons – WPBakery Page Builder allows PHP Local File Inclusion. This issue affects Classic Addons – WPBakery Page Builder: from n/a through 3.0. | ||||
CVE-2024-12425 | | | 2025-01-07 | 2.8 Low |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before 24.8.4. | ||||
CVE-2024-24992 | 1 Ivanti | 1 Avalanche | 2025-01-07 | N/A |
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. |