Total: 7654 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-43771 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2025-02-11 | 6.5 Medium |
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds. | ||||
CVE-2024-49411 | 1 Samsung | 1 Android | 2025-02-10 | 4.3 Medium |
Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege. | ||||
CVE-2024-28073 | 1 Solarwinds | 1 Serv-u | 2025-02-10 | 8.4 High |
SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited. | ||||
CVE-2024-52481 | 1 Astoundify | 2 Jobify, Jobify Job Board Wordpress Theme | 2025-02-10 | 7.5 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Astoundify Jobify - Job Board WordPress Theme allows Relative Path Traversal. This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3. | ||||
CVE-2023-27648 | 1 Timmystudios | 1 Change Color Of Keypad | 2025-02-10 | 9.8 Critical |
Directory Traversal vulnerability found in T-ME Studios Change Color of Keypad v.1.275.1.277 allows a remote attacker to execute arbitrary code via the dex file in the internal storage. | ||||
CVE-2024-2224 | 1 Bitdefender | 2 Endpoint Security, Gravityzone Control Center | 2025-02-07 | 8.1 High |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089; Bitdefender Endpoint Security for Windows version 7.9.9.380; GravityZone Control Center (On Premises) version 6.36.1. | ||||
CVE-2024-27081 | 1 Esphome | 1 Esphome | 2025-02-07 | 7.2 High |
ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation) allows authenticated remote attackers to read and write arbitrary files under the configuration directory rendering remote code execution possible. This vulnerability is patched in 2024.2.1. | ||||
CVE-2023-29186 | 1 Sap | 1 Netweaver | 2025-02-07 | 8.7 High |
In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read but if a remote attacker has sufficient (administrative) privileges then potentially critical OS files can be overwritten making the system unavailable. | ||||
CVE-2024-12875 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-02-07 | 4.9 Medium |
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
CVE-2023-26969 | 1 Atrocore | 1 Atropim | 2025-02-07 | 7.5 High |
Atropim 1.5.26 is vulnerable to Directory Traversal. | ||||
CVE-2023-26559 | 1 Sync | 2 Oxygen Content Fusion, Oxygen Xml Web Author | 2025-02-07 | 5.3 Medium |
A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. (XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build 2023021715 are also fixed versions.) | ||||
CVE-2023-41182 | 1 Netgear | 1 Prosafe Network Management System | 2025-02-07 | 8.8 High |
NETGEAR ProSAFE Network Management System ZipUtils Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ZipUtils class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19716. | ||||
CVE-2023-38511 | 1 Combodo | 1 Itop | 2025-02-06 | 5 Medium |
iTop is an IT service management platform. Dashboard editor: can load multiple files and URLs, and full path disclosure on dashboard config file. This vulnerability is fixed in 3.0.4 and 3.1.1. | ||||
CVE-2022-34127 | 1 Glpi-project | 1 Manageentities | 2025-02-06 | 7.5 High |
The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter. | ||||
CVE-2022-34126 | 1 Glpi-project | 1 Activity | 2025-02-06 | 7.5 High |
The Activity plugin before 3.1.1 for GLPI allows reading local files via directory traversal in the front/cra.send.php file parameter. | ||||
CVE-2024-27946 | 1 Siemens | 1 Ruggedcom Crossbow | 2025-02-06 | 6.5 Medium |
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with the required privileges. | ||||
CVE-2024-3107 | 1 Brainstormforce | 1 Spectra | 2025-02-06 | 4.3 Medium |
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the get_block_default_attributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the contents of any files named attributes.php on the server, which can contain sensitive information. | ||||
CVE-2023-29887 | 1 Nuovo | 1 Spreadsheet-reader | 2025-02-06 | 7.5 High |
A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter. | ||||
CVE-2024-53566 | 1 Sangoma | 1 Asterisk | 2025-02-06 | 5.5 Medium |
An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal. | ||||
CVE-2024-26150 | 1 Linuxfoundation | 1 Backstage Backend-common | 2025-02-05 | 8.7 High |
`@backstage/backend-common` is a common functionality library for backends for Backstage, an open platform for building developer portals. In `@backstage/backend-common` prior to versions 0.21.1, 0.20.2, and 0.19.10, path checks with the `resolveSafeChildPath` utility were not exhaustive enough, leading to risk of path traversal vulnerabilities if symlinks can be injected by attackers. This issue is patched in `@backstage/backend-common` versions 0.21.1, 0.20.2, and 0.19.10. | ||||