Vulnerabilities (CVE)

Filtered by CWE-36
Total 57 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-41830 2024-11-21 N/A 6.5 MEDIUM
An improper absolute path traversal vulnerability was reported for the Ready For application allowing a local application access to files without authorization. 
CVE-2023-3765 2 Lfprojects, Microsoft 2 Mlflow, Windows 2024-11-21 N/A 10.0 CRITICAL
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.
CVE-2023-36786 1 Microsoft 1 Skype For Business Server 2024-11-21 N/A 7.2 HIGH
Skype for Business Remote Code Execution Vulnerability
CVE-2023-32054 1 Microsoft 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more 2024-11-21 N/A 7.3 HIGH
Volume Shadow Copy Elevation of Privilege Vulnerability
CVE-2023-30970 1 Palantir 2 Gotham Blackbird-witchcraft, Gotham Static-assets-servlet 2024-11-21 N/A 6.5 MEDIUM
Gotham Table service and Forward App were found to be vulnerable to a Path traversal issue allowing an authenticated user to read arbitrary files on the file system.
CVE-2023-2101 1 Mogublog Project 1 Mogublog 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226109 was assigned to this vulnerability.
CVE-2023-1176 1 Lfprojects 1 Mlflow 2024-11-21 N/A 3.3 LOW
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.
CVE-2022-20958 1 Cisco 1 Broadworks Commpilot Application 2024-11-21 N/A 8.3 HIGH
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network. {{value}} ["%7b%7bvalue%7d%7d"])}]]
CVE-2021-30173 1 Junhetec 1 Omnidirectional Communication System 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Local File Inclusion vulnerability of the omni-directional communication system allows remote authenticated attacker inject absolute path into Url parameter and access arbitrary file.
CVE-2024-10651 2024-11-01 N/A 4.9 MEDIUM
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files.
CVE-2024-47883 1 Openrefine 1 Butterfly 2024-10-29 N/A 9.1 CRITICAL
The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the `java.net.URL` class to refer to (what are expected to be) local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local file. However, prior to version 1.2.6, if a `file:/` URL is directly given where a relative path (resource name) is expected, this is also accepted in some code paths; the app then fetches the file, from a remote machine if indicated, and uses it as if it was a trusted part of the app's codebase. This leads to multiple weaknesses and potential weaknesses. An attacker that has network access to the application could use it to gain access to files, either on the the server's filesystem (path traversal) or shared by nearby machines (server-side request forgery with e.g. SMB). An attacker that can lead or redirect a user to a crafted URL belonging to the app could cause arbitrary attacker-controlled JavaScript to be loaded in the victim's browser (cross-site scripting). If an app is written in such a way that an attacker can influence the resource name used for a template, that attacker could cause the app to fetch and execute an attacker-controlled template (remote code execution). Version 1.2.6 contains a patch.
CVE-2024-45290 1 Phpoffice 1 Phpspreadsheet 2024-10-16 N/A 7.5 HIGH
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided path is a URL. By using specially crafted `php://filter` URLs an attacker can leak the contents of any file or URL. Note that this vulnerability is different from GHSA-w9xv-qf98-ccq4, and resides in a different component. An attacker can access any file on the server, or leak information form arbitrary URLs, potentially exposing sensitive information such as AWS IAM credentials. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-45291 1 Phpoffice 1 Phpspreadsheet 2024-10-16 N/A 8.8 HIGH
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with `$writer->setEmbedImages(true);` those files will be included in the output as `data:` URLs, regardless of the file's type. Also URLs can be used for embedding, resulting in a Server-Side Request Forgery vulnerability. When embedding images has been enabled, an attacker can read arbitrary files on the server and perform arbitrary HTTP GET requests. Note that any PHP protocol wrappers can be used, meaning that if for example the `expect://` wrapper is enabled, also remote code execution is possible. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. there are no known workarounds for this vulnerability.
CVE-2024-9924 2024-10-15 N/A 9.8 CRITICAL
The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently .
CVE-2024-8497 2024-09-26 N/A 7.5 HIGH
Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 possess a file that can be read arbitrarily that could allow an attacker obtain administrator credentials.
CVE-2024-8778 1 Syscomgo 1 Omflow 2024-09-20 N/A 6.5 MEDIUM
OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files.
CVE-2024-7323 1 Digiwin 1 Easyflow .net 2024-09-11 N/A 6.5 MEDIUM
Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality do not adequately filter user input. A remote attacker with regular privilege can exploit this vulnerability to download arbitrary files from the remote server .