Total
7067 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27984 | 2024-11-21 | N/A | ||
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service. | ||||
| CVE-2024-27977 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A |
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service. | ||||
| CVE-2024-27976 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A |
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | ||||
| CVE-2024-27971 | 1 Premmerce | 1 Permalink Manager For Woocommerce | 2024-11-21 | 8.3 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through 2.3.10. | ||||
| CVE-2024-27954 | 1 Wp Automatic | 1 Automatic | 2024-11-21 | 9.3 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0. | ||||
| CVE-2024-27776 | 2024-11-21 | 9.8 Critical | ||
| MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE | ||||
| CVE-2024-27575 | 1 Inotec | 1 Gmbh Webserver | 2024-11-21 | 7.5 High |
| INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote attacker to read arbitrary files via absolute path traversal, such as with the /cgi-bin/display?file=/etc/passwd URI. | ||||
| CVE-2024-27279 | 2024-11-21 | 6.5 Medium | ||
| Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with editor or higher privilege who can login to the product may obtain arbitrary files on the server including password files. | ||||
| CVE-2024-27121 | 2024-11-21 | 7.2 High | ||
| Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote attacker with an administrative privilege. As for the details of the affected product names/versions, see the information provided by the vendor under [References] section. | ||||
| CVE-2024-25859 | 2024-11-21 | 7.1 High | ||
| A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to takeover user accounts and execute arbitrary code. | ||||
| CVE-2024-25830 | 2024-11-21 | 9.8 Critical | ||
| F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password. | ||||
| CVE-2024-25614 | 2024-11-21 | 5.5 Medium | ||
| There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller. | ||||
| CVE-2024-25567 | 2024-11-21 | 8.1 High | ||
| Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten. | ||||
| CVE-2024-25461 | 2024-11-21 | 7.5 High | ||
| Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component. | ||||
| CVE-2024-25386 | 2024-11-21 | 8.8 High | ||
| Directory Traversal vulnerability in DICOMĀ® Connectivity Framework by laurelbridge before v.2.7.6b allows a remote attacker to execute arbitrary code via the format_logfile.pl file. | ||||
| CVE-2024-25164 | 2024-11-21 | 7.5 High | ||
| iA Path Traversal vulnerability exists in iDURAR v2.0.0, that allows unauthenticated attackers to expose sensitive files via the download functionality. | ||||
| CVE-2024-25136 | 2024-11-21 | 7.5 High | ||
| There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content. | ||||
| CVE-2024-25125 | 1 Treasuredata | 1 Digdag | 2024-11-21 | 5.3 Medium |
| Digdag is an open source tool that to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally. This issue may lead to information disclosure and has been addressed in release version 0.10.5.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-25006 | 2024-11-21 | 8.1 High | ||
| XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import. | ||||
| CVE-2024-25000 | 2024-11-21 | N/A | ||
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | ||||