Total: 6174 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-38735 | | | 2024-07-12 | N/A | 7.5 HIGH |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in N.O.U.S. Open Useful and Simple Event post allows PHP Local File Inclusion. This issue affects Event post: from n/a through 5.9.5. | |||||
CVE-2024-23540 | | | 2024-07-12 | N/A | 5.3 MEDIUM |
The HCL BigFix Inventory server is vulnerable to path traversal which enables an attacker to read internal application files from the Inventory server. The BigFix Inventory server does not properly restrict the served static file. | |||||
CVE-2024-5548 | | | 2024-07-12 | N/A | 7.5 HIGH |
A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Attackers can exploit this vulnerability by manipulating the 'project_name' parameter in a GET request to download arbitrary files from the system. This issue affects the latest version of the repository. The vulnerability arises due to insufficient input validation in the 'download_project' function, allowing attackers to traverse the directory structure and access files outside the intended directory. This could lead to unauthorized access to sensitive files on the server. | |||||
CVE-2024-22377 | | | 2024-07-11 | N/A | 5.3 MEDIUM |
The deploy directory in PingFederate runtime nodes is reachable to unauthorized users. | |||||
CVE-2023-5390 | 1 Honeywell | 4 Controledge Unit Operations Controller, Controledge Unit Operations Controller Firmware, Controledge Virtual Unit Operations Controller and 1 more | 2024-07-09 | N/A | 5.3 MEDIUM |
An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
CVE-2024-37454 | | | 2024-07-09 | N/A | 6.5 MEDIUM |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AWSM Innovations AWSM Team allows Path Traversal. This issue affects AWSM Team: from n/a through 1.3.1. | |||||
CVE-2024-37268 | | | 2024-07-09 | N/A | 8.5 HIGH |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in kaptinlin Striking allows Path Traversal. This issue affects Striking: from n/a through 2.3.4. | |||||
CVE-2024-37520 | | | 2024-07-09 | N/A | 6.5 MEDIUM |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons allows Path Traversal. This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through 2.1.12. | |||||
CVE-2024-37410 | | | 2024-07-09 | N/A | 4.9 MEDIUM |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Beaver Addons PowerPack Lite for Beaver Builder allows Path Traversal. This issue affects PowerPack Lite for Beaver Builder: from n/a through 1.3.0.3. | |||||
CVE-2024-37437 | | | 2024-07-09 | N/A | 5.5 MEDIUM |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Cross-Site Scripting (XSS), Stored XSS. This issue affects Elementor Website Builder: from n/a through 3.22.1. | |||||
CVE-2024-37266 | | | 2024-07-09 | N/A | 4.9 MEDIUM |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal. This issue affects Tutor LMS: from n/a through 2.7.1. | |||||
CVE-2024-37501 | | | 2024-07-09 | N/A | 8.5 HIGH |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PluginsWare Advanced Classifieds & Directory Pro allows Path Traversal. This issue affects Advanced Classifieds & Directory Pro: from n/a through 3.1.3. | |||||
CVE-2024-37419 | | | 2024-07-09 | N/A | 7.5 HIGH |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Codeless Cowidgets – Elementor Addons allows Path Traversal. This issue affects Cowidgets – Elementor Addons: from n/a through 1.1.1. | |||||
CVE-2024-37499 | | | 2024-07-09 | N/A | 6.5 MEDIUM |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Path Traversal. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.4.2. | |||||
CVE-2024-37462 | | | 2024-07-09 | N/A | 8.5 HIGH |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows Path Traversal. This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.2. | |||||
CVE-2024-37513 | | | 2024-07-09 | N/A | 8.5 HIGH |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows Path Traversal. This issue affects WPCafe: from n/a through 2.2.27. | |||||
CVE-2024-37464 | | | 2024-07-09 | N/A | 4.9 MEDIUM |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPZOOM Beaver Builder Addons by WPZOOM allows Path Traversal. This issue affects Beaver Builder Addons by WPZOOM: from n/a through 1.3.5. | |||||
CVE-2024-37497 | | | 2024-07-09 | N/A | 7.7 HIGH |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetThemeCore allows File Manipulation. This issue affects JetThemeCore: from n/a before 2.2.1. | |||||
CVE-2024-39937 | 1 Supos | 1 Supos | 2024-07-09 | N/A | 7.5 HIGH |
supOS 5.0 allows api/image/download?fileName=../ directory traversal for reading files. | |||||
CVE-2024-39178 | | | 2024-07-09 | N/A | 5.4 MEDIUM |
MyPower vc8100 V100R001C00B030 was discovered to contain an arbitrary file read vulnerability via the component /tcpdump/tcpdump.php?menu_uuid. |