CVE ID | CVSS | Vendor | Exploit | Patch | Trends |
---|---|---|---|---|---|
CVE-2024-46898SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests. | CVSS 7.5 | Ss-proj | - | Patched | |
CVE-2024-46888A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and achieve arbitrary code execution on the device. | CVSS 9.9 | Siemens | - | Patched | |
CVE-2024-46649eNMS up to 4.7.1 is vulnerable to Directory Traversal via download/folder. | CVSS 7.5 | - | - | ||
CVE-2024-46648eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via scan_folder. | CVSS 7.5 | - | - | ||
CVE-2024-46647eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via upload_files. | CVSS 6.5 | - | - | ||
CVE-2024-46646eNMS up to 4.7.1 is vulnerable to Directory Traversal via /download/file. | CVSS 6.5 | - | - | ||
CVE-2024-46645eNMS 4.0.0 is vulnerable to Directory Traversal via get_tree_files. | CVSS 7.5 | - | - | ||
CVE-2024-46644eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via edit_file. | CVSS 6.5 | - | - | ||
CVE-2024-46503An issue in the _readFileSync function of Simple-Spellchecker v1.0.2 allows attackers to read arbitrary files via a directory traversal. | CVSS 7.5 | Apache | - | - | |
CVE-2024-46446Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover. | CVSS 9.8 | Mecha-cms | Exploit | - | |
CVE-2024-46376Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the update_account() function of the file rental/admin_class.php. | CVSS 9.8 | Mayurik | - | - | |
CVE-2024-46375Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the signup() function of the file rental/admin_class.php. | CVSS 9.8 | Mayurik | - | - | |
CVE-2024-46327An issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9 allows attackers to access sensitive files via a directory traversal. | CVSS 5.7 | Vonets | - | - | |
CVE-2024-46212An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal. | CVSS 4.9 | Redaxo | - | Patched | |
CVE-2024-45845nix 2.24 through 2.24.5 allows directory traversal via a symlink in a nar file, because of mishandling of a directory containing a symlink and a directory of the same name, aka GHSA-h4vv-h3jq-v493. | CVSS 7.5 | Nixos | - | - | |
CVE-2024-45842Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability.
Unintended internal files may be retrieved when processing crafted HTTP requests. | CVSS 5.3 | - | - | ||
CVE-2024-45816Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. All users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS 6.5 | Backstage | - | Patched | |
CVE-2024-4576The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information. | CVSS 5.3 | Tibco | - | Patched | |
CVE-2024-45731In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive. | CVSS 8 | Splunk | - | Patched | |
CVE-2024-45711SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability | CVSS 8.8 | Solarwinds | - | Patched | |
CVE-2024-45604Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability. | CVSS 4.3 | Contao | - | Patched | |
CVE-2024-45601A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to insufficient input validation in a specific endpoint. This could have allowed an attacker to access files not intended to be served. Users are strongly advised to update to the latest version of Mesop immediately. The latest version includes a fix for this vulnerability. We would like to thank @Letm3through for reporting this issue and proposing mitigations to address this issue. | CVSS 7.5 | - | Patched | ||
CVE-2024-45593Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6. | CVSS 8.8 | Nixos | - | Patched | |
CVE-2024-4556Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1. | CVSS 7.5 | Microfocus, et al | - | - | |
CVE-2024-45443Directory traversal vulnerability in the cust module
Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | CVSS 9.1 | Huawei, et al | - | Patched | |
CVE-2024-45436extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory. | CVSS 7.5 | Github, et al | - | Patched | |
CVE-2024-45401A vulnerability exists in stripe-cli versions 1.11.1 and higher where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags can overwrite arbitrary files. The update addresses the path traversal vulnerability by removing the ability to install plugins from an archive URL or path. There has been no evidence of exploitation of this vulnerability. | CVSS 7.1 | Stripe | - | Patched | |
CVE-2024-45388Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The `/api/v2/simulation` POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server. Note that, although the code prevents absolute paths from being specified, an attacker can escape out of the `hf.Cfg.ResponsesBodyFilesPath` base path by using `../` segments and reach any arbitrary files. This issue was found using the Uncontrolled data used in path expression CodeQL query for python. Users are advised to make sure the final path (`filepath.Join(hf.Cfg.ResponsesBodyFilesPath, filePath)`) is contained within the expected base path (`filepath.Join(hf.Cfg.ResponsesBodyFilesPath, "/")`). This issue is also tracked as GHSL-2023-274. | CVSS 7.5 | Hoverfly | Exploit | Patched | |
CVE-2024-45312Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 (or 4.2.7 for the 4.x series) contain a vulnerability that allows an arbitrary language parameter in client spelling requests to be passed to the `aspell` executable running on the server. This causes `aspell` to attempt to load a dictionary file with an arbitrary filename. File access is limited to the scope of the overleaf server. The problem is patched in versions 5.0.7 and 4.2.7. Previous versions can be upgraded using the Overleaf toolkit `bin/upgrade` command. Users unable to upgrade may block POST requests to `/spelling/check` via a Web Application Firewall will prevent access to the vulnerable spell check feature. However, upgrading is advised. | CVSS 5.3 | - | Patched | ||
CVE-2024-45310runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with `os.MkdirAll`. While this could be used to create empty files, existing files would not be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. The issue is fixed in runc v1.1.14 and v1.2.0-rc3.
Some workarounds are available. Using user namespaces restricts this attack fairly significantly such that the attacker can only create inodes in directories that the remapped root user/group has write access to. Unless the root user is remapped to an actual
user on the host (such as with rootless containers that don't use `/etc/sub[ug]id`), this in practice means that an attacker would only be able to create inodes in world-writable directories. A strict enough SELinux or AppArmor policy could in principle also restrict the scope if a specific label is applied to the runc runtime, though neither the extent to which the standard existing policies block this attack nor what exact policies are needed to sufficiently restrict this attack have been thoroughly tested. | CVSS 3.6 | Linuxfoundation | - | Patched | |
CVE-2024-45309OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9. | CVSS 7.5 | Onedev project | - | Patched | |
CVE-2024-45291PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with `$writer->setEmbedImages(true);` those files will be included in the output as `data:` URLs, regardless of the file's type. Also URLs can be used for embedding, resulting in a Server-Side Request Forgery vulnerability. When embedding images has been enabled, an attacker can read arbitrary files on the server and perform arbitrary HTTP GET requests. Note that any PHP protocol wrappers can be used, meaning that if for example the `expect://` wrapper is enabled, also remote code execution is possible. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. there are no known workarounds for this vulnerability. | CVSS 8.8 | Hp, et al | Exploit | Patched | |
CVE-2024-45262An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path. | CVSS 8.8 | Gl-inet | - | - | |
CVE-2024-45256An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in file_add in api/files/routes.py. | CVSS 9.8 | Exploit | - | ||
CVE-2024-45253Avigilon – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | CVSS 7.5 | Avigilon | - | - | |
CVE-2024-45241A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information. | CVSS 7.5 | Centralsquare | Exploit | - | |
CVE-2024-45189Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request | CVSS 6.5 | Mage | Exploit | Patched | |
CVE-2024-45188Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request | CVSS 6.5 | Mage | - | Patched | |
CVE-2024-45178An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to download arbitrary files from the C-MOR system via a path traversal attack. It was found out that different functionalities are vulnerable to path traversal attacks, due to insufficient user input validation. For instance, the download functionality for backups provided by the script download-bkf.pml is vulnerable to a path traversal attack via the parameter bkf. This enables an authenticated user to download arbitrary files as Linux user www-data from the C-MOR system. Another path traversal attack is in the script show-movies.pml, which can be exploited via the parameter cam. | CVSS 7.1 | - | - | ||
CVE-2024-45175An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is stored in cleartext. It was found out that sensitive information, for example login credentials of cameras, is stored in cleartext. Thus, an attacker with filesystem access, for example exploiting a path traversal attack, has access to the login data of all configured cameras, or the configured FTP server. | CVSS 8.8 | - | - | ||
CVE-2024-45074IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | CVSS 6.5 | Ibm | - | Patched | |
CVE-2024-4498A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the `/apply_settings` function, allowing an attacker to manipulate the `discussion_db_name` parameter to traverse the file system and include arbitrary files. This issue is compounded by the bypass of input filtering in the `install_binding`, `reinstall_binding`, and `unInstall_binding` endpoints, despite the presence of a `sanitize_path_from_endpoint(data.name)` filter. Successful exploitation enables an attacker to upload and execute malicious code on the victim's system, leading to Remote Code Execution (RCE). | CVSS Low | - | - | ||
CVE-2024-44867phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php. | CVSS 7.5 | Phpok | Exploit | - | |
CVE-2024-44825Directory Traversal vulnerability in Centro de Tecnologia da Informaco Renato Archer InVesalius3 v3.1.99995 allows attackers to write arbitrary files unto the system via a crafted .inv3 file. | CVSS 7.5 | - | - | ||
CVE-2024-44761An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory traversal via crafted requests. | CVSS 9.8 | Exploit | - | ||
CVE-2024-44720SeaCMS v13.1 was discovered to an arbitrary file read vulnerability via the component admin_safe.php. | CVSS 7.5 | Seacms | - | - | |
CVE-2024-44625Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go. | CVSS 8.8 | Gogs | Exploit | Patched | |
CVE-2024-44255A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to run arbitrary shortcuts without user consent. | CVSS 7.8 | Apple | - | Patched | |
CVE-2024-44190A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read arbitrary files. | CVSS 5.5 | Apple | - | Patched | |
CVE-2024-44167This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to overwrite arbitrary files. | CVSS 8.1 | Apple | - | Patched | |
CVE-2024-44159Description: A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges.Impact: An attacker with root privileges may be able to delete protected system files | CVSS 7.1 | Apple | - | Patched | |
CVE-2024-44048Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce allows PHP Local File Inclusion.This issue affects Product Carousel Slider & Grid Ultimate for WooCommerce: from n/a through 1.9.10. | CVSS 6.5 | Wpwax, et al | - | - | |
CVE-2024-44034Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Martin Greenwood WPSPX allows PHP Local File Inclusion.This issue affects WPSPX: from n/a through 1.0.2. | CVSS 7.5 | Wordpress | - | - | |
CVE-2024-44030Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mestres do WP Checkout Mestres WP.This issue affects Checkout Mestres WP: from n/a through 8.6. | CVSS 7.2 | Wordpress | - | - | |
CVE-2024-44023Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABCApp Creator allows PHP Local File Inclusion.This issue affects ABCApp Creator: from n/a through 1.1.2. | CVSS 8.1 | Wordpress | - | - | |
CVE-2024-44018Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Istmo Plugins Instant Chat Floating Button for WordPress Websites allows PHP Local File Inclusion.This issue affects Instant Chat Floating Button for WordPress Websites: from n/a through 1.0.5. | CVSS 7.5 | Wordpress | - | - | |
CVE-2024-44017Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MinHyeong Lim MH Board allows PHP Local File Inclusion.This issue affects MH Board: from n/a through 1.3.2.1. | CVSS 7.5 | Wordpress | - | - | |
CVE-2024-44016Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mark Steadman Podiant allows PHP Local File Inclusion.This issue affects Podiant: from n/a through 1.1. | CVSS 7.5 | Wordpress | - | - | |
CVE-2024-44015Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Users Control allows PHP Local File Inclusion.This issue affects Users Control: from n/a through 1.0.16. | CVSS 7.5 | Wordpress | - | - | |
CVE-2024-44014Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vmaxstudio Vmax Project Manager allows PHP Local File Inclusion, Code Injection.This issue affects Vmax Project Manager: from n/a through 1.0. | CVSS 9.6 | Wordpress | - | - | |
CVE-2024-44013Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Innate Images LLC VR Calendar allows PHP Local File Inclusion.This issue affects VR Calendar: from n/a through 2.4.0. | CVSS 7.5 | Vr calendar project | - | - | |
CVE-2024-44012Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpdev33 WP Newsletter Subscription allows PHP Local File Inclusion.This issue affects WP Newsletter Subscription: from n/a through 1.1. | CVSS 7.5 | Wordpress | - | - | |
CVE-2024-44011Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Ticket Ultra WP Ticket Ultra Help Desk & Support Plugin allows PHP Local File Inclusion.This issue affects WP Ticket Ultra Help Desk & Support Plugin: from n/a through 1.0.5. | CVSS 7.5 | Wordpress | - | - | |
CVE-2024-43996Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ElementsKit ElementsKit Pro allows PHP Local File Inclusion.This issue affects ElementsKit Pro: from n/a through 3.6.0. | CVSS 6.5 | Wpmet | - | - | |
CVE-2024-43957Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sk. Abul Hasan Animated Number Counters allows PHP Local File Inclusion.This issue affects Animated Number Counters: from n/a through 1.9. | CVSS 8.8 | Wpmart | - | - | |
CVE-2024-43955Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This issue affects Droip: from n/a through 1.1.1. | CVSS 7.5 | Themeum | - | - | |
CVE-2024-43797audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries (or access only the ones they have permission to). However, the `LibraryController` is missing the check for admin user and thus allows a path traversal issue. Allowing non-admin users to write to any directory in the system can be seen as a form of path traversal. However, since it can be restricted to only admin permissions, fixing this is relatively simple and falls more into the realm of Role-Based Access Control (RBAC). This issue has been addressed in release version 2.13.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS 4.3 | Audiobookshelf | Exploit | Patched | |
CVE-2024-43440A flaw was found in moodle. A local file may include risks when restoring block backups. | CVSS 7.5 | Moodle | - | Patched | |
CVE-2024-43434The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability. | CVSS 8.1 | Moodle | - | Patched | |
CVE-2024-43399Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure intended to prevent Zip Slip attacks is improperly implemented. Since the implemented measure can be bypassed, the vulnerability allows an attacker to extract files to any desired location within the server running MobSF. This vulnerability is fixed in 4.0.7. | CVSS 9.8 | Opensecurity | Exploit | Patched | |
CVE-2024-43395CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Prior to version 2.8.3, users of CraftOS-PC 2 on Windows can escape the computer folder and access files anywhere without permission or notice by obfuscating `..`s to bypass the internal check preventing parent directory traversal. Version 2.8.3 contains a patch for this issue. | CVSS 8.2 | - | - | ||
CVE-2024-43373webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature. If a module name includes a path traversal sequence with Windows path separators, an attacker can exploit this to overwrite files on the host system. This vulnerability allows an attacker to write arbitrary `.js` files to the host system, which can be leveraged to hijack legitimate Node.js modules to gain arbitrary code execution. This vulnerability has been patched in version 2.14.1. | CVSS 7.8 | J4k0xb | Exploit | Patched | |
CVE-2024-43345Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PluginOps Landing Page Builder allows PHP Local File Inclusion.This issue affects Landing Page Builder: from n/a through 1.5.2.0. | CVSS 7.5 | Pluginops | - | - | |
CVE-2024-43328Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPDeveloper EmbedPress allows PHP Local File Inclusion.This issue affects EmbedPress: from n/a through 4.0.9. | CVSS 8.3 | Wpdeveloper | - | - | |
CVE-2024-43281Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VOID CODERS Void Elementor Post Grid Addon for Elementor Page builder allows PHP Local File Inclusion.This issue affects Void Elementor Post Grid Addon for Elementor Page builder: from n/a through 2.3. | CVSS 5.3 | Voidcoders | - | - | |
CVE-2024-43271Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themelocation Woo Products Widgets For Elementor allows PHP Local File Inclusion.This issue affects Woo Products Widgets For Elementor: from n/a through 2.0.0. | CVSS 8.5 | Themelocation | - | - | |
CVE-2024-43248Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bit Apps Bit Form Pro allows File Manipulation.This issue affects Bit Form Pro: from n/a through 2.6.4. | CVSS 9.1 | Bitapps | - | - | |
CVE-2024-43232Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP OnlineSupport, Essential Plugin Timeline and History slider allows PHP Local File Inclusion.This issue affects Timeline and History slider: from n/a through 2.3. | CVSS 8.5 | Wponlinesupport, et al | - | - | |
CVE-2024-43221Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetGridBuilder allows PHP Local File Inclusion.This issue affects JetGridBuilder: from n/a through 1.1.2. | CVSS 8.5 | Crocoblock | - | - | |
CVE-2024-4320A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the `@router.post("/install_extension")` route handler. The vulnerability arises due to improper handling of the `name` parameter in the `ExtensionBuilder().build_extension()` method, which allows for local file inclusion (LFI) leading to arbitrary code execution. An attacker can exploit this vulnerability by crafting a malicious `name` parameter that causes the server to load and execute a `__init__.py` file from an arbitrary location, such as the upload directory for discussions. This vulnerability affects the latest version of parisneo/lollms-webui and can lead to remote code execution without requiring user interaction, especially when the application is exposed to an external endpoint or operated in headless mode. | CVSS 9.8 | Lollms | Exploit | - | |
CVE-2024-43165Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rashid87 WPSection allows PHP Local File Inclusion.This issue affects WPSection: from n/a through 1.3.8. | CVSS 6.5 | Wordpress | - | - | |
CVE-2024-4315parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function fails to properly sanitize Windows-style paths (backward slash `\`), allowing attackers to perform directory traversal attacks on Windows systems. This vulnerability can be exploited through various routes, including `personalities` and `/del_preset`, to read or delete any file on the Windows filesystem, compromising the system's availability. | CVSS Low | - | Patched | ||
CVE-2024-43140Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion.This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.4. | CVSS 8.8 | Elementor, et al | - | - | |
CVE-2024-43138Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MagePeople Team Event Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Event Manager for WooCommerce: from n/a through 4.2.1. | CVSS 8.8 | Mage-people, et al | - | - | |
CVE-2024-43135Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion.This issue affects WPCafe: from n/a through 2.2.28. | CVSS 8.8 | Themewinter | - | - | |
CVE-2024-43129Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPDeveloper BetterDocs allows PHP Local File Inclusion.This issue affects BetterDocs: from n/a through 3.5.8. | CVSS 8.8 | Wpdeveloper | - | - | |
CVE-2024-43044Jenkins uses the Remoting library (typically agent.jar or remoting.jar) for the communication between controller and agents. This library allows agents to load classes and classloader resources from the controller, so that Java objects sent from the controller (build steps, etc.) can be executed on agents. In addition to individual class and resource files, Remoting also allows Jenkins plugins to transmit entire jar files to agents using the Channel#preloadJar API. As of publication of this advisory, this feature is used by the following plugins distributed by the Jenkins project: bouncycastle API, Groovy, Ivy, TeamConcert In Remoting 3256.v88a_f6e922152 and earlier, except 3206.3208.v409508a_675ff and 3248.3250.v3277a_8e88c9b_, included in Jenkins 2.470 and earlier, LTS 2.452.3 and earlier, calls to Channel#preloadJar result in the retrieval of files from the controller by the agent using ClassLoaderProxy#fetchJar. Additionally, the implementation of ClassLoaderProxy#fetchJar invoked on the controller does not restrict paths that agents could request to read from the controller file system. This allows agent processes, code running on agents, and attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller file system. The Remoting library in Jenkins 2.471, LTS 2.452.4, LTS 2.462.1 now sends jar file contents with Channel#preloadJar requests, the only use case of ClassLoaderProxy#fetchJar in agents, so that agents do not need to request jar file contents from controllers anymore. To retain compatibility with older versions of Remoting in combination with the plugins listed above, ClassLoaderProxy#fetchJar is retained and otherwise unused, just deprecated. Its implementation in Jenkins 2.471, LTS 2.452.4, LTS 2.462.1 was changed so that it is now limited to retrieving jar files referenced in the core classloader or any plugin classloader. | CVSS 8.8 | Jenkins | Exploit | Patched | |
CVE-2024-43022An issue in the downloader.php component of TOSEI online store management system v4.02, v4.03, and v4.04 allows attackers to execute a directory traversal. | CVSS 7.5 | - | - | ||
CVE-2024-43011An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Due to insufficient validation and sanitization of user input for file paths, an attacker can exploit this vulnerability by using directory traversal techniques to delete arbitrary files on the server. This can lead to the deletion of critical files, potentially disrupting the normal operation of the system. | CVSS 4.9 | Zzcms | - | - | |
CVE-2024-42992Python Pip Pandas v2.2.2 was discovered to contain an arbitrary file read vulnerability. | CVSS 0 | Github | Exploit | - | |
CVE-2024-4297The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files. | CVSS 4.9 | Hgiga | - | - | |
CVE-2024-4296The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files. | CVSS 4.9 | Hgiga | - | - | |
CVE-2024-42680An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark. | CVSS 5.5 | Exploit | - | ||
CVE-2024-42501An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants. | CVSS 7.2 | - | - | ||
CVE-2024-42499Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know whether a file exists at a specific path, and/or obtain some part of the file contents under specific conditions. | CVSS 5.3 | Fitnesse | - | - | |
CVE-2024-42485Filament Excel enables excel export for Filament admin resources. The export download route `/filament-excel/{path}` allowed downloading any file without login when the webserver allows `../` in the URL. Patched with Version v2.3.3. | CVSS 7.5 | Pxlrbt | - | Patched | |
CVE-2024-42474Streamlit is a data oriented application development framework for python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the static file sharing feature is enabled. An attacker could utilize the vulnerability to leak the password hash of the Windows user running Streamlit. The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows. | CVSS 6.5 | Snowflake, et al | - | Patched | |
CVE-2024-42471actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` before 2.1.7 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. Users are advised to upgrade to version 2.1.7 or higher. There are no known workarounds for this issue. | CVSS 7.5 | Github | - | Patched | |
CVE-2024-42469CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existing file is susceptible to path traversal. This makes it possible for an attacker to overwrite existing files on the openHAB instance. If the overwritten file is a shell script that is executed at a later time this vulnerability can allow remote code execution by an attacker. This vulnerability was discovered with the help of CodeQL's Uncontrolled data used in path expression query. | CVSS 9.8 | Openhab | - | Patched | |
CVE-2024-42468openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the CometVisuServlet. This issue may lead to information disclosure. Users should upgrade to version 4.2.1 of the CometVisu add-on of openHAB to receive a patch. | CVSS 7.5 | Openhab | - | Patched |