Total
158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6829 | 2025-03-20 | N/A | 9.1 CRITICAL | ||
| A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the `tarfile.extractall()` function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control `repo.path` and `run_hash` to bypass directory existence checks and extract files to unintended locations, potentially overwriting critical files. This can lead to arbitrary data being written to arbitrary locations on the remote tracking server, which could be used for further attacks such as writing a new SSH key to the target server. | |||||
| CVE-2024-10902 | 2025-03-20 | N/A | 9.1 CRITICAL | ||
| In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /v1/personal/agent/upload` is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to upload arbitrary files to the victim's file system at any location. The impact of this vulnerability includes the potential for remote code execution (RCE) by writing malicious files, such as a malicious `__init__.py` in the Python's `/site-packages/` directory. | |||||
| CVE-2024-10834 | 2025-03-20 | N/A | 9.1 CRITICAL | ||
| eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call to `os.path.join`, enabling an attacker to write files to arbitrary locations on the target server. This vulnerability can be exploited by setting the `doc_file.filename` to an absolute path, which can lead to overwriting system files or creating new SSH-key entries. | |||||
| CVE-2024-10361 | 2025-03-20 | N/A | 8.1 HIGH | ||
| An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /api/files endpoint. This vulnerability arises from improper input validation, allowing path traversal techniques to delete arbitrary files on the server. Attackers can exploit this to bypass security mechanisms and delete files outside the intended directory, including critical system files, user data, or application resources. This vulnerability impacts the integrity and availability of the system. | |||||
| CVE-2025-29930 | 2025-03-18 | N/A | N/A | ||
| imFAQ is an advanced questions and answers management system for ImpressCMS. Prior to 1.0.1, if the $_GET['seoOp'] parameter is manipulated to include malicious input (e.g., seoOp=php://filter/read=convert.base64-encode/resource=/var/www/html/config.php), the application could allow an attacker to read sensitive files on the server (Local File Inclusion, LFI). The $_GET['seoOp'] and $_GET['seoArg'] parameters are directly used without sanitization or validation. This is partly mitigated by the fact that the ImpressCMS sensitive files are stored outside the web root, in a folder with a randomized name. The issue has been resolved in imFaq 1.0.1. | |||||
| CVE-2023-45588 | 2025-03-14 | N/A | 8.2 HIGH | ||
| An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. | |||||
| CVE-2024-41183 | 2025-03-13 | N/A | 7.8 HIGH | ||
| Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges. | |||||
| CVE-2025-24996 | 2025-03-11 | N/A | 6.5 MEDIUM | ||
| External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2024-12036 | 2025-03-07 | N/A | 7.5 HIGH | ||
| The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | |||||
| CVE-2025-25478 | 2025-03-05 | N/A | 6.5 MEDIUM | ||
| The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application s source code, exposing sensitive information such as the database password. | |||||
| CVE-2025-1730 | 2025-03-01 | N/A | 6.5 MEDIUM | ||
| The Simple Download Counter plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.0 via the 'simple_download_counter_download_handler'. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data including any local file on the server, such as wp-config.php or /etc/passwd. | |||||
| CVE-2025-27137 | 2025-02-24 | N/A | 4.4 MEDIUM | ||
| Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track allows users with the `SYSTEM_CONFIGURATION` permission to customize notification templates. Templates are evaluated using the Pebble template engine. Pebble supports an `include` tag, which allows template authors to include the content of arbitrary files upon evaluation. Prior to version 4.12.6, users of Dependency-Track with the `SYSTEM_CONFIGURATION` permission can abuse the `include` tag by crafting notification templates that `include` sensitive local files, such as `/etc/passwd` or `/proc/1/environ`. By configuring such a template for a notification rule (aka "Alert"), and having it send notifications to a destination controlled by the actor, sensitive information may be leaked. The issue has been fixed in Dependency-Track 4.12.6. In fixed versions, the `include` tag can no longer be used. Usage of the tag will cause template evaluation to fail. As a workaround, avoid assigning the `SYSTEM_CONFIGURATION` permission to untrusted users. The `SYSTEM_CONFIGURATION` permission per default is only granted to members of the `Administrators` team. Assigning this permission to non-administrative users or teams is a security risk in itself, and highly discouraged. | |||||
| CVE-2024-38657 | 2025-02-21 | N/A | 9.1 CRITICAL | ||
| External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files. | |||||
| CVE-2025-0111 | 1 Paloaltonetworks | 1 Pan-os | 2025-02-21 | N/A | 6.5 MEDIUM |
| An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software. | |||||
| CVE-2024-2917 | 1 Campcodes | 1 House Rental Management System | 2025-02-20 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257983. | |||||
| CVE-2024-4818 | 1 Campcodes | 1 Online Laundry Management System | 2025-02-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263939. | |||||
| CVE-2024-12267 | 2025-02-18 | N/A | 5.3 MEDIUM | ||
| The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to limited arbitrary file deletion due to insufficient file path validation in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.8.5. This makes it possible for unauthenticated attackers to delete limited arbitrary files on the server. It is not possible to delete files like wp-config.php that would make RCE possible. | |||||
| CVE-2025-21377 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-14 | N/A | 6.5 MEDIUM |
| NTLM Hash Disclosure Spoofing Vulnerability | |||||
| CVE-2025-0109 | 2025-02-12 | N/A | N/A | ||
| An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software. | |||||
| CVE-2024-12058 | 2025-02-11 | N/A | 6.8 MEDIUM | ||
| External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files. | |||||