Total
7633 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-25693 | 3 Esri, Linux, Microsoft | 3 Portal For Arcgis, Linux Kernel, Windows | 2025-01-08 | 9.9 Critical |
There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Successful exploitation may allow a remote, authenticated attacker to traverse the file system to access files or execute code outside of the intended directory. | ||||
CVE-2024-12105 | 1 Progress | 1 Whatsup Gold | 2025-01-08 | 6.5 Medium |
In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. | ||||
CVE-2024-54382 | 1 Bold-themes | 1 Bold Page Builder | 2025-01-07 | 4.9 Medium |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldThemes Bold Page Builder allows Path Traversal. This issue affects Bold Page Builder: from n/a through 5.1.5. | ||||
CVE-2024-12429 | | | 2025-01-07 | 4.3 Medium |
An attacker who successfully exploited these vulnerabilities could grant read access to files. A vulnerability exists in the AC500 V3 version mentioned. A successfully authenticated attacker can use this vulnerability to read system-wide files and configuration. All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability. | ||||
CVE-2023-33510 | 1 Jeecg P3 Biz Chat Project | 1 Jeecg P3 Biz Chat | 2025-01-07 | 7.5 High |
Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters. | ||||
CVE-2024-56286 | | | 2025-01-07 | 7.5 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Classic Addons Classic Addons – WPBakery Page Builder allows PHP Local File Inclusion. This issue affects Classic Addons – WPBakery Page Builder: from n/a through 3.0. | ||||
CVE-2023-1864 | 1 Fanuc | 2 Roboguide Handlingpro, Roboguide Handlingpro Firmware | 2025-01-06 | 6.8 Medium |
FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior are vulnerable to a path traversal, which could allow an attacker to remotely read files on the system running the affected software. | ||||
CVE-2023-29502 | 1 Ptc | 1 Vuforia Studio | 2025-01-06 | 6.2 Medium |
Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path. | ||||
CVE-2023-34238 | 1 Gatsbyjs | 1 Gatsby | 2025-01-06 | 4.3 Medium |
Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contains a Local File Inclusion vulnerability in the `__file-code-frame` and `__original-stack-frame` paths, exposed when running the Gatsby develop server (`gatsby develop`). Any file in scope of the development server could potentially be exposed. It should be noted that by default `gatsby develop` is only accessible via the localhost `127.0.0.1`, and one would need to intentionally expose the server to other interfaces to exploit this vulnerability by using server options such as `--host 0.0.0.0`, `-H 0.0.0.0`, or the `GATSBY_HOST=0.0.0.0` environment variable. A patch has been introduced in `gatsby@4.25.7` and `gatsby@5.9.1` which mitigates the issue. Users are advised to upgrade. Users unable to upgrade should avoid exposing their development server to the internet. | ||||
CVE-2023-30198 | 1 Webbax | 1 Winbizpayment | 2025-01-06 | 7.5 High |
Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php. | ||||
CVE-2024-11010 | 1 Softaculous | 1 Fileorganizer Manage Wordpress And Website Files | 2025-01-06 | 7.2 High |
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary JavaScript files on the server, allowing the execution of any JavaScript code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
CVE-2023-3172 | 1 Froxlor | 1 Froxlor | 2025-01-06 | 7.2 High |
Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20. | ||||
CVE-2024-12793 | 1 Pbootcms | 1 Pbootcms | 2025-01-06 | 4.3 Medium |
A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. Affected by this issue is some unknown functionality of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.4 is able to address this issue. It is recommended to upgrade the affected component. | ||||
CVE-2023-34345 | 1 Ami | 1 Megarac Sp-x | 2025-01-03 | 6.5 Medium |
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure. | ||||
CVE-2023-34342 | 1 Ami | 1 Megarac Sp-x | 2025-01-03 | 6 Medium |
AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, or data tampering. | ||||
CVE-2023-51640 | 1 Alltena | 1 Allegra | 2025-01-03 | 4.7 Medium |
Allegra extarctZippedFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the extarctZippedFile [sic] method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22504. | ||||
CVE-2023-51639 | 1 Alltena | 1 Allegra | 2025-01-03 | 9.8 Critical |
Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadExportedChart action. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22361. | ||||
CVE-2023-51647 | 1 Alltena | 1 Allegra | 2025-01-03 | 4.7 Medium |
Allegra saveInlineEdit Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the saveInlineEdit method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22528. | ||||
CVE-2023-51646 | 1 Alltena | 1 Allegra | 2025-01-03 | 4.7 Medium |
Allegra uploadSimpleFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the uploadSimpleFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22527. | ||||
CVE-2023-51645 | 1 Alltena | 1 Allegra | 2025-01-03 | 4.7 Medium |
Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the unzipFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22513. |