Total
7633 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-35844 | 1 Lightdash | 1 Lightdash | 2024-12-12 | 7.5 High |
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used. | ||||
CVE-2023-35843 | 1 Nocodb | 1 Nocodb | 2024-12-12 | 7.5 High |
NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information. | ||||
CVE-2023-35840 | 1 Std42 | 1 Elfinder | 2024-12-12 | 6.5 Medium |
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector. | ||||
CVE-2023-25186 | 1 Nokia | 2 Asika Airscale, Asika Airscale Firmware | 2024-12-11 | 5.1 Medium |
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell (which is by default disabled) provides access to the BTS baseband unit internal filesystem from the mobile network solution internal BTS management network. | ||||
CVE-2024-53523 | | | 2024-12-11 | 7.5 High |
JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable to Directory Traversal in the find_by_file function. | ||||
CVE-2024-53490 | | | 2024-12-11 | 7.5 High |
Favorites-web 1.3.0 favorites-web has a directory traversal vulnerability in SecurityFilter.java. | ||||
CVE-2023-35852 | 1 Oisf | 1 Suricata | 2024-12-11 | 7.5 High |
In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation. | ||||
CVE-2024-44167 | 2 Apple, Mercurycom | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2024-12-11 | 8.1 High |
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to overwrite arbitrary files. | ||||
CVE-2023-50955 | 1 Ibm | 1 Infosphere Information Server | 2024-12-10 | 2.4 Low |
IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777. | ||||
CVE-2024-46909 | 1 Progress | 1 Whatsup Gold | 2024-12-10 | 9.8 Critical |
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. | ||||
CVE-2024-33605 | | | 2024-12-10 | 7.5 High |
Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | ||||
CVE-2024-53790 | 1 Ogun Labs | 1 Lenxel Core | 2024-12-09 | 7.5 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ogun Labs Lenxel Core for Lenxel(LNX) LMS. This issue affects Lenxel Core for Lenxel(LNX) LMS: from n/a through 1.2.5. | ||||
CVE-2023-34939 | 1 Onlyoffice | 1 Onlyoffice | 2024-12-06 | 9.8 Critical |
Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx. | ||||
CVE-2024-11585 | 1 Nsp-code | 1 Wp Hide & Security Enhancer | 2024-12-06 | 7.5 High |
The WP Hide & Security Enhancer plugin for WordPress is vulnerable to arbitrary file contents deletion due to a missing authorization and insufficient file path validation in the file-process.php in all versions up to, and including, 2.5.1. This makes it possible for unauthenticated attackers to delete the contents of arbitrary files on the server, which can break the site or lead to data loss. | ||||
CVE-2024-10516 | 1 Swteplugins | 1 Swift Performance | 2024-12-06 | 8.1 High |
The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
CVE-2023-32608 | 1 Pleasanter | 1 Pleasanter | 2024-12-05 | 6.5 Medium |
Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server. | ||||
CVE-2023-32521 | 1 Trendmicro | 1 Mobile Security | 2024-12-05 | 9.1 Critical |
A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files. | ||||
CVE-2023-30945 | 1 Palantir | 3 Clips2, Video Clip Distributor, Video History Service | 2024-12-05 | 9.8 Critical |
Multiple Services such as VHS (Video History Server) and VCD (Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well. | ||||
CVE-2023-3330 | 1 Nec | 34 Aterm Wf300hp, Aterm Wf300hp Firmware, Aterm Wg1400hp and 31 more | 2024-12-04 | 4.3 Medium |
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows an attacker to obtain specific files in the product. | ||||
CVE-2023-32557 | 3 Microsoft, Trend Micro Inc, Trendmicro | 3 Windows, Trend Micro Apex One, Apex One | 2024-12-04 | 9.8 Critical |
A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges. |