Total
8674 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1630 | 2024-11-21 | 7.7 High | ||
| Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component | ||||
| CVE-2024-1629 | 2024-11-21 | 6.2 Medium | ||
| Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device component | ||||
| CVE-2024-1142 | 2024-11-21 | 5.4 Medium | ||
| Path Traversal in Sonatype IQ Server from version 143 allows remote authenticated attackers to overwrite or delete files via a specially crafted request. Version 171 fixes this issue. | ||||
| CVE-2024-0980 | 2024-11-21 | 7.1 High | ||
| The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code. | ||||
| CVE-2024-0964 | 1 Gradio Project | 1 Gradio | 2024-11-21 | 9.4 Critical |
| A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request. | ||||
| CVE-2024-0882 | 1 Linkwechat | 1 Linkwechat | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in qwdigital LinkWechat 5.1.0. It has been classified as problematic. This affects an unknown part of the file /linkwechat-api/common/download/resource of the component Universal Download Interface. The manipulation of the argument name with the input /profile/../../../../../etc/passwd leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252033 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-7134 | 1 Oretnom23 | 1 Medicine Tracker System | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in SourceCodester Medicine Tracking System 1.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument page leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249137 was assigned to this vulnerability. | ||||
| CVE-2023-7114 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 7.1 High |
| Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server. | ||||
| CVE-2023-6908 | 1 Dfirkuiper | 1 Kuiper | 2024-11-21 | 3.1 Low |
| A vulnerability, which was classified as problematic, was found in DFIRKuiper Kuiper 2.3.4. This affects the function unzip_file of the file kuiper/app/controllers/case_management.py of the component TAR Archive Handler. The manipulation of the argument dst_path leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.5 is able to address this issue. The identifier of the patch is 94fa135153002f651f5526c55a7240e083db8d73. It is recommended to upgrade the affected component. The identifier VDB-248277 was assigned to this vulnerability. | ||||
| CVE-2023-6900 | 1 Rmountjoy92 | 1 Dashmachine | 2024-11-21 | 4.6 Medium |
| A vulnerability, which was classified as critical, has been found in rmountjoy92 DashMachine 0.5-4. Affected by this issue is some unknown functionality of the file /settings/delete_file. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-248258 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-6893 | 1 Hikvision | 30 Ds-kd-bk, Ds-kd-dis, Ds-kd-e and 27 more | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input C:\ICPAS\Wnmp\WWW\php\conversion.php leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248252. | ||||
| CVE-2023-6831 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | 8.1 High |
| Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | ||||
| CVE-2023-6753 | 2 Lfprojects, Microsoft | 2 Mlflow, Windows | 2024-11-21 | 8.8 High |
| Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2. | ||||
| CVE-2023-6577 | 1 Byzoro | 2 Patrolflow-am-2530pro, Patrolflow-am-2530pro Firmware | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in Byzoro PatrolFlow 2530Pro up to 20231126. It has been rated as problematic. This issue affects some unknown processing of the file /log/mailsendview.php. The manipulation of the argument file with the input /boot/phpConfig/tb_admin.txt leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6562 | 1 Kakadusoftware | 1 Kakadu Sdk | 2024-11-21 | 7.5 High |
| JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially-crafted the image that is displayed back to the attacker. | ||||
| CVE-2023-6458 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.1 High |
| Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perform a client-side path traversal. | ||||
| CVE-2023-6352 | 1 Aquaforest | 1 Tiff Server | 2024-11-21 | 5.3 Medium |
| The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files. | ||||
| CVE-2023-6307 | 1 Jeecg | 1 Jimureport | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Affected by this vulnerability is an unknown functionality of the file /download/image. The manipulation of the argument imageUrl leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6265 | 1 Draytek | 2 Vigor2960, Vigor2960 Firmware | 2024-11-21 | 6.5 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported. | ||||
| CVE-2023-6252 | 1 Hyphensolutions | 1 Chameleon Power | 2024-11-21 | 7.5 High |
| Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files. | ||||