Filtered by CWE-35
Total 115 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-24685 2025-01-27 8.1 High
Path Traversal vulnerability in MORKVA Morkva UA Shipping allows PHP Local File Inclusion. This issue affects Morkva UA Shipping: from n/a through 1.0.18.
CVE-2024-49249 2025-01-07 8.6 High
Path Traversal vulnerability in SMSA Express SMSA Shipping allows Path Traversal.This issue affects SMSA Shipping: from n/a through 2.3.
CVE-2023-7263 2024-12-28 7.3 High
Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change.(Vulnerability ID:HWPSIRT-2023-53450) This vulnerability has been assigned a (CVE)ID:CVE-2023-7263
CVE-2024-0113 1 Nvidia 12 Mellanox Os Firmware, Metrox-2 Firmware, Metrox-3 Xc Firmware and 9 more 2024-12-26 7.5 High
NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure.
CVE-2023-7300 2024-12-26 8 High
Huawei Home Music System has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the music host file to be deleted or the file permission to be changed.(Vulnerability ID:HWPSIRT-2023-60613)
CVE-2024-54216 2024-12-20 7.7 High
Path Traversal: '.../...//' vulnerability in Repute InfoSystems ARForms allows Path Traversal.This issue affects ARForms: from n/a through 6.4.1.
CVE-2024-54313 2024-12-13 6.5 Medium
Path Traversal vulnerability in FULL. FULL Customer allows Path Traversal.This issue affects FULL Customer: from n/a through 3.1.25.
CVE-2024-21575 2024-12-12 8.6 High
ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the `image.filename` field in a POST request sent to the `/upload/temp` endpoint added by the extension to the server. This results in writing arbitrary files to the file system which may, under some conditions, result in remote code execution (RCE).
CVE-2024-52498 1 Softpulse Infotech 1 Sp Blog Designer 2024-11-29 7.5 High
Path Traversal: '.../...//' vulnerability in Softpulse Infotech SP Blog Designer allows PHP Local File Inclusion.This issue affects SP Blog Designer: from n/a through 1.0.0.
CVE-2024-50054 1 Myscada 2 Mypro Manager, Mypro Runtime 2024-11-26 7.5 High
The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system.
CVE-2024-45190 1 Mage 1 Mage-ai 2024-11-25 6.5 Medium
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request
CVE-2024-39171 1 Phpvibe 1 Phpvibe 2024-11-21 8.8 High
Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix.
CVE-2024-27901 2024-11-21 7.2 High
SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application.
CVE-2024-1886 2024-11-21 3 Low
This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage.
CVE-2023-6252 1 Hyphensolutions 1 Chameleon Power 2024-11-21 7.5 High
Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files.
CVE-2023-5885 1 Franklinfueling 2 Colibri, Colibri Firmware 2024-11-21 6.5 Medium
The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users.
CVE-2023-46690 1 Deltaww 1 Infrasuite Device Master 2024-11-21 8.8 High
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution.
CVE-2023-39916 1 Nlnetlabs 1 Routinator 2024-11-21 9.3 Critical
NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitation of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it.
CVE-2023-21415 1 Axis 5 Axis Os, Axis Os 2016, Axis Os 2018 and 2 more 2024-11-21 6.5 Medium
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
CVE-2021-1364 1 Cisco 2 Unified Communications Manager, Unified Communications Manager Im And Presence Service 2024-11-21 6.5 Medium
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.