Total: 179 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2024-5547 | | | 2024-06-27 | N/A | Relative Path Traversal in GitHub repository stitionai/devika prior to -.
CVE-2024-37138 | | | 2024-06-26 | 4.1 Medium | Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending an unauthorized file to the managed system.
CVE-2024-27770 | | | 2024-06-20 | 8.8 High | Unitronics Unistream Unilogic, versions prior to 1.35.227: CWE-23 Relative Path Traversal.
CVE-2024-20310 | | | 2024-06-20 | 6.1 Medium | A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
CVE-2024-30010 | | | 2024-06-19 | 8.8 High | Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-3497 | | | 2024-06-17 | 8.8 High | Path traversal vulnerability in the web server of the Toshiba printer enables an attacker to overwrite original files or add new ones to the printer. For the affected products/models/versions, see the reference URL.
CVE-2024-2461 | | | 2024-06-11 | N/A | If exploited, an attacker could traverse the file system to access files or directories that would otherwise be inaccessible.
CVE-2024-4330 | | | 2024-06-07 | N/A | A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'list_personalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the directory structure and view the contents of any folder, albeit limited to subfolder names only. This issue was demonstrated via a specific HTTP request that manipulated the 'category' parameter to access arbitrary directories. The vulnerability is present in the code located in the 'endpoints/lollms_advanced.py' file.
CVE-2024-0520 | | | 2024-06-07 | N/A | A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a source URL with an HTTP scheme, the filename extracted from the `Content-Disposition` header or the URL path is used to generate the final file path without proper sanitization. This flaw enables an attacker to control the file path fully by utilizing path traversal or absolute path techniques, such as '../../tmp/poc.txt' or '/tmp/poc.txt', leading to arbitrary file write. Exploiting this vulnerability could allow a malicious user to execute commands on the vulnerable machine, potentially gaining access to data and model information. The issue is fixed in version 2.9.0.
CVE-2024-33615 | | | 2024-06-04 | 8.8 High | A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution.
CVE-2024-34712 | | | 2024-06-04 | 6.5 Medium | Oceanic is a NodeJS library for interfacing with Discord. Prior to version 1.10.4, input to functions such as `Client.rest.channels.removeBan` is not url-encoded, resulting in specially crafted input such as `../../../channels/{id}` being normalized into the url `/api/v10/channels/{id}`, and deleting a channel rather than removing a ban. Version 1.10.4 fixes this issue. Some workarounds are available. One may sanitize user input, ensuring strings are valid for the purpose they are being used for. One may also encode input with `encodeURIComponent` before providing it to the library.
CVE-2024-35186 | | | 2024-06-04 | 8.8 High | gitoxide is a pure Rust implementation of Git. During checkout, `gix-worktree-state` does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of confidentiality, integrity, and availability, but creating files outside a working tree without attempting to execute code can directly impact integrity as well. This vulnerability has been patched in version(s) 0.36.0.
CVE-2023-33144 | 1 Microsoft | 1 Visual Studio Code | 2024-06-04 | 6.6 Medium | Visual Studio Code Spoofing Vulnerability
CVE-2023-35359 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-06-04 | 7.8 High | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-3940 | | | 2024-06-04 | 7.5 High | Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to read any file on the system. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
CVE-2023-3941 | | | 2024-06-04 | 10.0 Critical | Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
CVE-2024-36362 | | | 2024-05-31 | 6.5 Medium | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 and 2024.03.2, a path traversal allowing files to be read from the server was possible.
CVE-2023-23391 | 1 Microsoft | 1 Office | 2024-05-29 | 5.5 Medium | Office for Android Spoofing Vulnerability
CVE-2023-23379 | 1 Microsoft | 1 Defender For Iot | 2024-05-29 | 7.8 High | Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVE-2023-38185 | 1 Microsoft | 1 Exchange Server | 2024-05-29 | 8.8 High | Microsoft Exchange Server Remote Code Execution Vulnerability