Total: 8711 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47556 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | 8.3 High |
| Pre-Auth RCE via Path Traversal | ||||
| CVE-2024-47557 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | 8.3 High |
| Pre-Auth RCE via Path Traversal | ||||
| CVE-2024-47841 | 1 Wikimedia | 2 Mediawiki-extensions-css, Wikimedia-extensions-css | 2024-10-16 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal. This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9. | ||||
| CVE-2024-39406 | 1 Adobe | 2 Commerce, Magento | 2024-10-16 | 6.8 Medium |
| Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed. | ||||
| CVE-2024-9381 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2024-10-16 | 7.2 High |
| Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. | ||||
| CVE-2024-47011 | 1 Ivanti | 1 Avalanche | 2024-10-16 | 7.5 High |
| Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information | ||||
| CVE-2024-47010 | 1 Ivanti | 1 Avalanche | 2024-10-16 | 7.3 High |
| Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | ||||
| CVE-2024-47009 | 1 Ivanti | 1 Avalanche | 2024-10-16 | 7.3 High |
| Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | ||||
| CVE-2023-7260 | 1 Opentext | 1 Cx-e Voice | 2024-10-16 | 7.5 High |
| Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all versions through 22.4. The vulnerability could allow arbitrary access to files on the system. | ||||
| CVE-2024-47949 | 1 Jetbrains | 1 Teamcity | 2024-10-11 | 4.9 Medium |
| In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location | ||||
| CVE-2024-47948 | 1 Jetbrains | 1 Teamcity | 2024-10-11 | 4.9 Medium |
| In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups | ||||
| CVE-2024-46446 | 1 Mecha-cms | 2 Mecha, Mecha Cms | 2024-10-11 | 9.1 Critical |
| Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover. | ||||
| CVE-2024-20449 | 1 Cisco | 2 Data Center Network Manager, Nexus Dashboard Fabric Controller | 2024-10-08 | 8.8 High |
| A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secure Copy Protocol (SCP) to upload malicious code to an affected device using path traversal techniques. A successful exploit could allow the attacker to execute arbitrary code in a specific container with the privileges of root. | ||||
| CVE-2024-9301 | 1 Netflix | 1 E2nest | 2024-10-07 | 7.5 High |
| A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a | ||||
| CVE-2024-7950 | 1 Wpjobportal | 1 Wp Job Portal | 2024-10-04 | 9.8 Critical |
| The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. Attackers can also update arbitrary settings and create user accounts even when registration is disabled, leading to user creation with a default role of Administrator. | ||||
| CVE-2021-27916 | 1 Acquia | 1 Mautic | 2024-10-02 | 8.1 High |
| Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files. This vulnerability exists in the implementation of the GrapesJS builder in Mautic. | ||||
| CVE-2024-47292 | 1 Huawei | 2 Emui, Harmonyos | 2024-10-01 | 6.2 Medium |
| Path traversal vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-8941 | 1 Scriptcase | 1 Scriptcase | 2024-09-30 | 7.5 High |
| Path traversal vulnerability in Scriptcase version 9.4.019, in /scriptcase/devel/compat/nm_edit_php_edit.php (in the “subpage” parameter), which allows unauthenticated remote users to bypass SecurityManager's intended restrictions and list and/or read a parent directory via a “/...” or directly into a path used in the POST parameter “field_file” by a web application. | ||||
| CVE-2024-6786 | 1 Moxa | 1 Mxview One | 2024-09-30 | 6.5 Medium |
| The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets. | ||||
| CVE-2024-33369 | 1 Plasmoapp | 1 Rpshare | 2024-09-30 | 8.8 High |
| Directory Traversal vulnerability in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the getFileNameFromConnection method in DownloadTask | ||||