Total: 7636 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-27981 | 1 Schneider-electric | 3 Custom Reports, Igss Dashboard, Igss Data Server | 2025-02-05 | 7.8 High |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior). | ||||
CVE-2023-3813 | 1 Artbees | 1 Jupiter X Core | 2025-02-05 | 7.5 High |
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. This requires the premium version of the plugin to be activated. | ||||
CVE-2023-5414 | 1 Icegram | 1 Icegram Express | 2025-02-05 | 9.1 Critical |
The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including those belonging to other sites, for example in shared hosting environments. | ||||
CVE-2023-4274 | 1 Wpvivid | 1 Migration, Backup, Staging | 2025-02-05 | 8.7 High |
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical issue in shared environments. | ||||
CVE-2023-28459 | 1 Pretalx | 1 Pretalx | 2025-02-05 | 6.5 Medium |
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files. | ||||
CVE-2023-28458 | 1 Pretalx | 1 Pretalx | 2025-02-05 | 4.3 Medium |
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file. | ||||
CVE-2023-21093 | 1 Google | 1 Android | 2025-02-05 | 7.8 High |
In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-228450832 | ||||
CVE-2024-38706 | 1 Hasthemes | 1 Ht Mega | 2025-02-05 | 6.5 Medium |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in HasThemes HT Mega allows Path Traversal. This issue affects HT Mega: from n/a through 2.5.7. | ||||
CVE-2023-26101 | 1 Progress | 1 Flowmon Packet Investigator | 2025-02-05 | 7.5 High |
In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user with access to Flowmon Packet Investigator could leverage a path-traversal vulnerability to retrieve files on the Flowmon appliance's local filesystem. | ||||
CVE-2023-47679 | 1 Qodeinteractive | 1 Qi Addons For Elementor | 2025-02-05 | 6.4 Medium |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QODE Interactive Qi Addons For Elementor allows PHP Local File Inclusion. This issue affects Qi Addons For Elementor: from n/a through 1.6.3. | ||||
CVE-2024-13409 | 1 Wpwax | 1 Post Grid, Slider & Carousel Ultimate | 2025-02-05 | 7.5 High |
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the post_type_ajax_handler() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
CVE-2023-31059 | 1 Repetier-server | 1 Repetier-server | 2025-02-04 | 7.5 High |
Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php. | ||||
CVE-2023-30620 | 1 Mindsdb | 1 Mindsdb | 2025-02-04 | 7.5 High |
mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using `tarfile.extractall()` from a remotely retrieved tarball, which may lead to the writing of the extracted files to an unintended location. Sometimes, the vulnerability is called a TarSlip or a ZipSlip variant. An attacker may leverage this vulnerability to overwrite any local file which the server process has access to. There is no risk of file exposure with this vulnerability. This issue has been addressed in release `23.2.1.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2024-13550 | 1 Paulrosen | 1 Abc Notation | 2025-02-04 | 6.5 Medium |
The ABC Notation plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.1.3 via the 'file' attribute of the 'abcjs' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
CVE-2023-25508 | 1 Nvidia | 2 Bmc, Dgx-1 | 2025-02-04 | 6.7 Medium |
NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
CVE-2022-36400 | 1 Intel | 7 Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb, Nuc Kit Nuc5pgyh and 4 more | 2025-02-04 | 6.7 Medium |
Path traversal in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-25944 | 1 Dell | 1 Openmanage Enterprise | 2025-02-04 | 5.7 Medium |
Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running web application. | ||||
CVE-2024-24908 | 1 Dell | 2 Dm5500, Dm5500 Firmware | 2025-02-04 | 6.5 Medium |
Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to delete arbitrary files stored on the server filesystem. | ||||
CVE-2023-23838 | 2 Microsoft, Solarwinds | 2 Windows, Database Performance Analyzer | 2025-02-04 | 6.5 Medium |
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. | ||||
CVE-2022-48476 | 1 Jetbrains | 1 Ktor | 2025-02-04 | 7.5 High |
In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible |