Total
7189 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7634 | 1 F5 | 2 Nginx Agent, Nginx Instance Manager | 2025-01-24 | N/A | 4.9 MEDIUM |
| NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory. | |||||
| CVE-2024-2552 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | N/A | 6.0 MEDIUM |
| A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall. | |||||
| CVE-2024-23607 | 1 F5 | 2 F5os-a, F5os-c | 2025-01-24 | N/A | 5.5 MEDIUM |
| A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2025-23422 | 2025-01-24 | N/A | 7.5 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound Store Locator allows PHP Local File Inclusion. This issue affects Store Locator: from n/a through 3.98.10. | |||||
| CVE-2024-54535 | 1 Apple | 4 Ipados, Iphone Os, Visionos and 1 more | 2025-01-23 | N/A | 4.3 MEDIUM |
| A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data could also read reminders. | |||||
| CVE-2024-42471 | 1 Github | 2 Actions\/artifact, Actions Toolkit | 2025-01-23 | N/A | 7.3 HIGH |
| actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. Users are advised to upgrade to version 2.1.2 or higher. There are no known workarounds for this issue. | |||||
| CVE-2024-27102 | 1 Pterodactyl | 1 Wings | 2025-01-23 | N/A | 9.9 CRITICAL |
| Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but reading files outside of a server's base directory (sandbox root) is possible. In order to use this exploit, an attacker must have an existing "server" allocated and controlled by Wings. Details on the exploitation of this vulnerability are embargoed until March 27th, 2024 at 18:00 UTC. In order to mitigate this vulnerability, a full rewrite of the entire server filesystem was necessary. Because of this, the size of the patch is massive, however effort was made to reduce the amount of breaking changes. Users are advised to update to version 1.11.9. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-32985 | 1 Jenkins | 1 Sidebar Link | 2025-01-23 | N/A | 4.3 MEDIUM |
| Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||
| CVE-2024-44195 | 1 Apple | 1 Macos | 2025-01-23 | N/A | 7.5 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to read arbitrary files. | |||||
| CVE-2024-26261 | 1 Hgiga | 4 Oaklouds-organization-2.0, Oaklouds-organization-3.0, Oaklouds-webbase-2.0 and 1 more | 2025-01-23 | N/A | 9.8 CRITICAL |
| The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded. | |||||
| CVE-2024-0818 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-01-23 | N/A | 9.1 CRITICAL |
| Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6 | |||||
| CVE-2024-25156 | 1 Fortra | 1 Goanywhere Managed File Transfer | 2025-01-23 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients. | |||||
| CVE-2024-42187 | 2025-01-23 | N/A | 5.3 MEDIUM | ||
| BigFix Patch Download Plug-ins are affected by path traversal vulnerability. The application could allow operators to download files from a local repository which is vulnerable to path traversal attacks. | |||||
| CVE-2024-38768 | 1 Webangon | 1 The Pack Elementor Addons | 2025-01-22 | N/A | 4.3 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Webangon The Pack Elementor addons allows PHP Local File Inclusion, Path Traversal.This issue affects The Pack Elementor addons: from n/a through 2.0.8.6. | |||||
| CVE-2023-30509 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2025-01-22 | N/A | 4.9 MEDIUM |
| Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files. | |||||
| CVE-2023-30508 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2025-01-22 | N/A | 4.9 MEDIUM |
| Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files. | |||||
| CVE-2024-50453 | 1 Webangon | 1 The Pack Elementor Addons | 2025-01-22 | N/A | 7.5 HIGH |
| Relative Path Traversal vulnerability in Webangon The Pack Elementor addons allows PHP Local File Inclusion.This issue affects The Pack Elementor addons: from n/a through 2.0.9. | |||||
| CVE-2024-1974 | 1 Hasthemes | 1 Ht Mega | 2025-01-22 | N/A | 8.8 HIGH |
| The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to read the contents of arbitrary files on the server, which can contain sensitive information. | |||||
| CVE-2023-32767 | 1 Symcon | 1 Ip Symcon | 2025-01-22 | N/A | 7.5 HIGH |
| The web interface of Symcon IP-Symcon before 6.3 (i.e., before 2023-05-12) allows a remote attacker to read sensitive files via .. directory-traversal sequences in the URL. | |||||
| CVE-2022-32427 | 1 Printerlogic | 1 Windows Client | 2025-01-22 | N/A | 8.8 HIGH |
| PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content. This issue has been resolved in PrinterLogic Windows Client 25.0.0688 and all affected are advised to upgrade. | |||||