Total
6174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34315 | 2024-07-03 | N/A | 7.5 HIGH | ||
| CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. | |||||
| CVE-2024-34313 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| An issue in VPL Jail System up to v4.0.2 allows attackers to execute a directory traversal via a crafted request to a public endpoint. | |||||
| CVE-2024-33881 | 2 Microsoft, Virtosoftware | 2 Sharepoint Server, Sharepoint Bulk File Download | 2024-07-03 | N/A | 5.3 MEDIUM |
| An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter. | |||||
| CVE-2024-33350 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component. | |||||
| CVE-2024-32399 | 2024-07-03 | N/A | 7.6 HIGH | ||
| Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component. | |||||
| CVE-2024-32258 | 2024-07-03 | N/A | 8.8 HIGH | ||
| The network server of fceux 2.7.0 has a path traversal vulnerability, allowing attackers to overwrite any files on the server without authentication by fake ROM. | |||||
| CVE-2024-32163 | 2024-07-03 | N/A | 6.4 MEDIUM | ||
| CMSeasy 7.7.7.9 is vulnerable to code execution. | |||||
| CVE-2024-31965 | 2024-07-03 | N/A | 4.2 MEDIUM | ||
| A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information. | |||||
| CVE-2024-31818 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component. | |||||
| CVE-2024-31801 | 2024-07-03 | N/A | 7.5 HIGH | ||
| Directory Traversal vulnerability in NEXSYS-ONE before v.Rev.15320 allows a remote attacker to obtain sensitive information via a crafted request. | |||||
| CVE-2024-31552 | 2024-07-03 | N/A | 7.1 HIGH | ||
| CuteHttpFileServer v.3.1 version has an arbitrary file download vulnerability, which allows attackers to download arbitrary files on the server and obtain sensitive information. | |||||
| CVE-2024-28880 | 2024-07-03 | N/A | 6.5 MEDIUM | ||
| Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who can log in to the product to obtain sensitive information of the product. | |||||
| CVE-2024-27984 | 2024-07-03 | N/A | 7.1 HIGH | ||
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service. | |||||
| CVE-2024-27977 | 2024-07-03 | N/A | 7.1 HIGH | ||
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service. | |||||
| CVE-2024-27976 | 2024-07-03 | N/A | 8.8 HIGH | ||
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
| CVE-2024-27827 | 2024-07-03 | N/A | 6.2 MEDIUM | ||
| This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.5. An app may be able to read arbitrary files. | |||||
| CVE-2024-27575 | 2024-07-03 | N/A | 7.5 HIGH | ||
| INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote attacker to read arbitrary files via absolute path traversal, such as with the /cgi-bin/display?file=/etc/passwd URI. | |||||
| CVE-2024-25000 | 2024-07-03 | N/A | 8.8 HIGH | ||
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
| CVE-2024-24999 | 2024-07-03 | N/A | 8.8 HIGH | ||
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
| CVE-2024-24997 | 2024-07-03 | N/A | 8.8 HIGH | ||
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||