Total
7067 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26563 | 1 Syncfusion | 1 Nodejs File System Provider | 2024-11-21 | 9.8 Critical |
| The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read any file, delete any file, upload any file to any directory accessible by the web server. - On Linux, read any file, download any directory, delete any file, upload any file to any directory accessible by the web server. | ||||
| CVE-2023-26526 | 2024-11-21 | 7.7 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls.This issue affects Bookly: from n/a through 21.7.1. | ||||
| CVE-2023-26469 | 1 Jorani | 1 Jorani | 2024-11-21 | 9.8 Critical |
| In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server. | ||||
| CVE-2023-26441 | 1 Open-xchange | 1 Open-xchange Appsuite Office | 2024-11-21 | 5.7 Medium |
| Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the services system user account. We have improved path validation and make sure that any access is contained to the defined root directory. No publicly available exploits are known. | ||||
| CVE-2023-26152 | 1 Nbluis | 1 Static-server | 2024-11-21 | 7.5 High |
| All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js. | ||||
| CVE-2023-25606 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 6.2 Medium |
| An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. | ||||
| CVE-2023-25050 | 2024-11-21 | 7.1 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vova Anokhin Shortcodes Ultimate allows Absolute Path Traversal.This issue affects Shortcodes Ultimate: from n/a through 5.12.6. | ||||
| CVE-2023-24698 | 1 Foswiki | 1 Foswiki | 2024-11-21 | 7.5 High |
| Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request. | ||||
| CVE-2023-24592 | 1 Intel | 5 Advisor, Inspector, Mpi Library and 2 more | 2024-11-21 | 7.3 High |
| Path traversal in the some Intel(R) oneAPI Toolkits and Component software before version 2023.1 may allow authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-24455 | 1 Jenkins | 1 Visual Expert | 2024-11-21 | 4.3 Medium |
| Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
| CVE-2023-24449 | 1 Jenkins | 1 Pwauth Security Realm | 2024-11-21 | 4.3 Medium |
| Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
| CVE-2023-24416 | 2024-11-21 | 6.8 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arne Franken All In One Favicon.This issue affects All In One Favicon: from n/a through 4.7. | ||||
| CVE-2023-24379 | 2024-11-21 | 6.8 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Web-Settler Landing Page Builder – Free Landing Page Templates allows Path Traversal.This issue affects Landing Page Builder – Free Landing Page Templates: from n/a through 3.1.9.9. | ||||
| CVE-2023-24256 | 1 Nio | 3 Aspen, Ec6, Ec6 Aspen | 2024-11-21 | 7.8 High |
| An issue in the com.nextev.datastatistic component of NIO EC6 Aspen before v3.3.0 allows attackers to escalate privileges via path traversal. | ||||
| CVE-2023-24057 | 2 Hapifhir, Hl7 | 2 Hl7 Fhir Core, Fhir Ig Publisher | 2024-11-21 | 8.1 High |
| HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive). | ||||
| CVE-2023-23907 | 1 Milesight | 1 Milesightvpn | 2024-11-21 | 7.5 High |
| A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2023-23888 | 2024-11-21 | 7.6 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rank Math Rank Math SEO allows Path Traversal.This issue affects Rank Math SEO: from n/a through 1.0.107.2. | ||||
| CVE-2023-23872 | 2024-11-21 | 4.9 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in German Mesky GMAce allows Path Traversal.This issue affects GMAce: from n/a through 1.5.2. | ||||
| CVE-2023-23842 | 1 Solarwinds | 1 Network Configuration Monitor | 2024-11-21 | 7.2 High |
| The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2023-23784 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 5.6 Medium |
| A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to information disclosure via specially crafted web requests. | ||||