Total
151 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-54154 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | N/A | 8.0 HIGH |
| In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox | |||||
| CVE-2024-54462 | 2025-01-29 | N/A | N/A | ||
| The file names constructed within image_picker are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select an image file from that provider while using your app and could potentially override internal files in your app cache. Issue patched in 0.8.12+18. It is recommended to update to the latest version of image_picker_android that contains the changes to address this vulnerability. | |||||
| CVE-2024-54461 | 2025-01-29 | N/A | N/A | ||
| The file names constructed within file_selector are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select a document file from that provider while using your app and could potentially override internal files in your app cache. Issue patched in 0.5.1+12. It is recommended to update to the latest version of file_selector_android that contains the changes to address this vulnerability. | |||||
| CVE-2024-50453 | 1 Webangon | 1 The Pack Elementor Addons | 2025-01-22 | N/A | 7.5 HIGH |
| Relative Path Traversal vulnerability in Webangon The Pack Elementor addons allows PHP Local File Inclusion.This issue affects The Pack Elementor addons: from n/a through 2.0.9. | |||||
| CVE-2024-32116 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer Big Data, Fortimanager | 2025-01-21 | N/A | 5.1 MEDIUM |
| Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests. | |||||
| CVE-2024-35274 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer Big Data, Fortimanager | 2025-01-17 | N/A | 2.3 LOW |
| An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests. | |||||
| CVE-2025-0390 | 2025-01-11 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2024-0550 | 1 Mintplexlabs | 1 Anythingllm | 2025-01-10 | N/A | 6.5 MEDIUM |
| A user who is privileged already `manager` or `admin` can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files. The attacker would have to have been granted privileged permissions to the system before executing this attack. | |||||
| CVE-2024-13130 | 2025-01-10 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S up to 20241222. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-30010 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 2 more | 2025-01-08 | N/A | 8.8 HIGH |
| Windows Hyper-V Remote Code Execution Vulnerability | |||||
| CVE-2024-49062 | 1 Microsoft | 1 Sharepoint Server | 2025-01-08 | N/A | 6.5 MEDIUM |
| Microsoft SharePoint Information Disclosure Vulnerability | |||||
| CVE-2025-0225 | 2025-01-05 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability classified as problematic was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is an unknown functionality of the file /setting/ClassFy/exampleDownload.html. The manipulation of the argument name leads to path traversal: '/../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-45816 | 1 Linuxfoundation | 1 Backstage | 2025-01-03 | N/A | 6.5 MEDIUM |
| Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-35359 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-01 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-12897 | 2024-12-27 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. It has been classified as critical. This affects an unknown part of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-34990 | 2024-12-18 | N/A | 9.8 CRITICAL | ||
| A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests. | |||||
| CVE-2023-42791 | 1 Fortinet | 1 Fortimanager | 2024-12-16 | N/A | 8.8 HIGH |
| A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | |||||
| CVE-2024-36362 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | N/A | 6.5 MEDIUM |
| In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible | |||||
| CVE-2024-27199 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | N/A | 7.3 HIGH |
| In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible | |||||
| CVE-2024-12645 | 2024-12-16 | N/A | 6.5 MEDIUM | ||
| The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains a Relative Path Traversal vulnerability, allowing attackers to read arbitrary files on the user's system. | |||||