Export limit exceeded: 10321 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8914 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-40051 | 1 Ip-guard | 1 Ip-guard | 2024-11-21 | 7.5 High |
| IP Guard v4.81.0307.0 was discovered to contain an arbitrary file read vulnerability via the file name parameter. | ||||
| CVE-2024-3429 | 1 Lollms | 1 Lollms | 2024-11-21 | 9.8 Critical |
| A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\lollms\security.py`. This vulnerability allows for arbitrary file reading when the application is running on Windows. The issue arises due to insufficient sanitization of user-supplied input, enabling attackers to bypass the path traversal protection mechanisms by crafting malicious input. Successful exploitation could lead to unauthorized access to sensitive files, information disclosure, and potentially a denial of service (DoS) condition by including numerous large or resource-intensive files. This vulnerability affects the latest version prior to 9.6. | ||||
| CVE-2024-3322 | 1 Lollms | 1 Lollms Web Ui | 2024-11-21 | 9.8 Critical |
| A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in the 'process_folder' function within 'lollms-webui/zoos/personalities_zoo/cyber_security/codeguard/scripts/processor.py'. Specifically, the function fails to properly sanitize user-supplied input for the 'code_folder_path', allowing an attacker to specify arbitrary paths using '../' or absolute paths. This flaw leads to arbitrary file read and overwrite capabilities in specified directories without limitations, posing a significant risk of sensitive information disclosure and unauthorized file manipulation. | ||||
| CVE-2024-3234 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2024-11-21 | 9.8 Critical |
| The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the `web_assets` folder. However, the outdated version of gradio it employs is susceptible to path traversal, as identified in CVE-2023-51449. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as `config.json`, which contains API keys. The issue affects the latest version of chuanhuchatgpt prior to the fixed version released on 20240305. | ||||
| CVE-2024-39741 | 1 Ibm | 2 Datacap, Datacap Navigator | 2024-11-21 | 4.3 Medium |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 296010. | ||||
| CVE-2024-39688 | 2 Fish.audio, Fishaudio | 2 Bert-vits2, Bert-vits2 | 2024-11-21 | 6.5 Medium |
| Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is concatenated with other folders and used to open a new file in the generate_config function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitrary directory on the server. If a given directory path doesn’t exist, the application will return an error, so this vulnerability could also be used to gain information about existing directories on the server. This affects fishaudio/Bert-VITS2 2.3 and earlier. | ||||
| CVE-2024-39171 | 1 Phpvibe | 1 Phpvibe | 2024-11-21 | 8.8 High |
| Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix. | ||||
| CVE-2024-39036 | 1 Seacms | 1 Seacms | 2024-11-21 | 6.5 Medium |
| SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php. | ||||
| CVE-2024-37513 | 1 Themewinter | 1 Wpcafe | 2024-11-21 | 8.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows Path Traversal.This issue affects WPCafe: from n/a through 2.2.27. | ||||
| CVE-2024-37462 | 1 G5plus | 1 Ultimate Bootstrap Elements For Elementor | 2024-11-21 | 8.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows Path Traversal.This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.2. | ||||
| CVE-2024-37454 | 1 Awsm | 1 Awsm Team | 2024-11-21 | 6.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AWSM Innovations AWSM Team allows Path Traversal.This issue affects AWSM Team: from n/a through 1.3.1. | ||||
| CVE-2024-37419 | 1 Codeless | 1 Cowidgets | 2024-11-21 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Codeless Cowidgets – Elementor Addons allows Path Traversal.This issue affects Cowidgets – Elementor Addons: from n/a through 1.1.1. | ||||
| CVE-2024-37268 | 1 Kaptinlin | 1 Striking | 2024-11-21 | 8.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in kaptinlin Striking allows Path Traversal.This issue affects Striking: from n/a through 2.3.4. | ||||
| CVE-2024-37266 | 1 Themeum | 1 Tutor Lms | 2024-11-21 | 4.9 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal.This issue affects Tutor LMS: from n/a through 2.7.1. | ||||
| CVE-2024-37224 | 1 Smartypantsplugins | 1 Sp Project \& Document Manager | 2024-11-21 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.71. | ||||
| CVE-2024-37092 | 1 Stylemixthemes | 1 Consulting Elementor Widgets | 2024-11-21 | 8.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0. | ||||
| CVE-2024-37089 | 1 Stylemixthemes | 1 Consulting Elementor Widgets | 2024-11-21 | 9 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0. | ||||
| CVE-2024-37037 | 1 Schneider-electric | 7 Sage 1410, Sage 1430, Sage 1450 and 4 more | 2024-11-21 | 8.1 High |
| CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request. | ||||
| CVE-2024-36418 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 8.6 High |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | ||||
| CVE-2024-36117 | 1 Dzikoysk | 1 Reposilite | 2024-11-21 | 8.6 High |
| Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5.12. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-074. | ||||