Total
6231 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-26071 | | | 2024-11-18 | N/A | 8.4 HIGH |
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation for specific commands. An attacker could exploit this vulnerability by including crafted arguments to those specific commands. A successful exploit could allow the attacker to create or overwrite arbitrary files on the affected device, which could result in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
CVE-2024-11303 | | | 2024-11-18 | N/A | N/A |
The pathname of the root directory to a Restricted Directory ('Path Traversal') vulnerability in Korenix JetPort 5601 allows Path Traversal. This issue affects JetPort 5601: through 1.2. | |||||
CVE-2024-41971 | | | 2024-11-18 | N/A | 8.1 HIGH |
A low privileged remote attacker can overwrite an arbitrary file on the filesystem leading to a DoS and data loss. | |||||
CVE-2024-9935 | | | 2024-11-18 | N/A | 7.5 HIGH |
The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | |||||
CVE-2024-50324 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.2 HIGH |
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
CVE-2024-42499 | | | 2024-11-18 | N/A | 5.3 MEDIUM |
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know whether a file exists at a specific path, and/or obtain some part of the file contents under specific conditions. | |||||
CVE-2024-50322 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.8 HIGH |
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | |||||
CVE-2024-42680 | 1 Cysoft168 | 1 Super Easy Enterprise Management System | 2024-11-15 | N/A | 5.5 MEDIUM |
An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark. | |||||
CVE-2024-21799 | | | 2024-11-15 | N/A | 7.1 HIGH |
Path traversal for some Intel(R) Extension for Transformers software before version 1.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-52396 | | | 2024-11-15 | N/A | 4.9 MEDIUM |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in realmag777 WOLF allows Path Traversal. This issue affects WOLF: from n/a through 1.0.8.3. | |||||
CVE-2024-2552 | | | 2024-11-15 | N/A | N/A |
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall. | |||||
CVE-2024-52378 | | | 2024-11-15 | N/A | 7.5 HIGH |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Labs64 DigiPass allows Absolute Path Traversal. This issue affects DigiPass: from n/a through 0.3.0. | |||||
CVE-2024-11215 | | | 2024-11-15 | N/A | 6.5 MEDIUM |
Absolute path traversal (incorrect restriction of a path to a restricted directory) vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server by setting only consecutive strings ‘/...%5c’. | |||||
CVE-2024-52371 | | | 2024-11-15 | N/A | 8.6 HIGH |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DonnellC Global Gateway e4 \| Payeezy Gateway. This issue affects Global Gateway e4 \| Payeezy Gateway: from n/a through 2.0. | |||||
CVE-2024-50843 | | | 2024-11-15 | N/A | 5.3 MEDIUM |
A Directory listing issue was found in PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to access sensitive files and directories via /loginsystem/assets. | |||||
CVE-2024-47916 | | | 2024-11-15 | N/A | 7.5 HIGH |
Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | |||||
CVE-2024-45253 | | | 2024-11-15 | N/A | 7.5 HIGH |
Avigilon – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | |||||
CVE-2024-49381 | 1 Plenti | 1 Plenti | 2024-11-14 | N/A | 7.5 HIGH |
Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fixes the vulnerability. | |||||
CVE-2024-45309 | 1 Onedev Project | 1 Onedev | 2024-11-14 | N/A | 7.5 HIGH |
OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9. | |||||
CVE-2024-5982 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2024-11-14 | N/A | 9.8 CRITICAL |
A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the load_chat_history function in modules/models/base_model.py allows arbitrary file uploads, potentially leading to remote code execution (RCE). The get_history_names function in utils.py permits arbitrary directory creation. Additionally, the load_template function in utils.py can be exploited to leak the first column of CSV files. These issues stem from improper sanitization of user inputs concatenated with directory paths using os.path.join. |