Total
115 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-24685 | 2025-01-27 | 8.1 High | ||
Path Traversal vulnerability in MORKVA Morkva UA Shipping allows PHP Local File Inclusion. This issue affects Morkva UA Shipping: from n/a through 1.0.18. | ||||
CVE-2024-49249 | 2025-01-07 | 8.6 High | ||
Path Traversal vulnerability in SMSA Express SMSA Shipping allows Path Traversal.This issue affects SMSA Shipping: from n/a through 2.3. | ||||
CVE-2023-7263 | 2024-12-28 | 7.3 High | ||
Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change.(Vulnerability ID:HWPSIRT-2023-53450) This vulnerability has been assigned a (CVE)ID:CVE-2023-7263 | ||||
CVE-2024-0113 | 1 Nvidia | 12 Mellanox Os Firmware, Metrox-2 Firmware, Metrox-3 Xc Firmware and 9 more | 2024-12-26 | 7.5 High |
NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure. | ||||
CVE-2023-7300 | 2024-12-26 | 8 High | ||
Huawei Home Music System has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the music host file to be deleted or the file permission to be changed.(Vulnerability ID:HWPSIRT-2023-60613) | ||||
CVE-2024-54216 | 2024-12-20 | 7.7 High | ||
Path Traversal: '.../...//' vulnerability in Repute InfoSystems ARForms allows Path Traversal.This issue affects ARForms: from n/a through 6.4.1. | ||||
CVE-2024-54313 | 2024-12-13 | 6.5 Medium | ||
Path Traversal vulnerability in FULL. FULL Customer allows Path Traversal.This issue affects FULL Customer: from n/a through 3.1.25. | ||||
CVE-2024-21575 | 2024-12-12 | 8.6 High | ||
ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the `image.filename` field in a POST request sent to the `/upload/temp` endpoint added by the extension to the server. This results in writing arbitrary files to the file system which may, under some conditions, result in remote code execution (RCE). | ||||
CVE-2024-52498 | 1 Softpulse Infotech | 1 Sp Blog Designer | 2024-11-29 | 7.5 High |
Path Traversal: '.../...//' vulnerability in Softpulse Infotech SP Blog Designer allows PHP Local File Inclusion.This issue affects SP Blog Designer: from n/a through 1.0.0. | ||||
CVE-2024-50054 | 1 Myscada | 2 Mypro Manager, Mypro Runtime | 2024-11-26 | 7.5 High |
The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system. | ||||
CVE-2024-45190 | 1 Mage | 1 Mage-ai | 2024-11-25 | 6.5 Medium |
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request | ||||
CVE-2024-39171 | 1 Phpvibe | 1 Phpvibe | 2024-11-21 | 8.8 High |
Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix. | ||||
CVE-2024-27901 | 2024-11-21 | 7.2 High | ||
SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application. | ||||
CVE-2024-1886 | 2024-11-21 | 3 Low | ||
This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage. | ||||
CVE-2023-6252 | 1 Hyphensolutions | 1 Chameleon Power | 2024-11-21 | 7.5 High |
Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files. | ||||
CVE-2023-5885 | 1 Franklinfueling | 2 Colibri, Colibri Firmware | 2024-11-21 | 6.5 Medium |
The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users. | ||||
CVE-2023-46690 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | 8.8 High |
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution. | ||||
CVE-2023-39916 | 1 Nlnetlabs | 1 Routinator | 2024-11-21 | 9.3 Critical |
NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitation of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it. | ||||
CVE-2023-21415 | 1 Axis | 5 Axis Os, Axis Os 2016, Axis Os 2018 and 2 more | 2024-11-21 | 6.5 Medium |
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
CVE-2021-1364 | 1 Cisco | 2 Unified Communications Manager, Unified Communications Manager Im And Presence Service | 2024-11-21 | 6.5 Medium |
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. |