Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-52396

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-14 Nov, 2024 | 17:26
Updated At-15 Nov, 2024 | 16:37
Rejected At-
Credits

WordPress WOLF plugin <= 1.0.8.3 - CSV Limited Path Traversal vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in realmag777 WOLF allows Path Traversal.This issue affects WOLF: from n/a through 1.0.8.3.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:14 Nov, 2024 | 17:26
Updated At:15 Nov, 2024 | 16:37
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress WOLF plugin <= 1.0.8.3 - CSV Limited Path Traversal vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in realmag777 WOLF allows Path Traversal.This issue affects WOLF: from n/a through 1.0.8.3.

Affected Products
Vendor
PluginUs.Net (RealMag777)realmag777
Product
WOLF
Collection URL
https://wordpress.org/plugins
Package Name
bulk-editor
Default Status
unaffected
Versions
Affected
  • From n/a through 1.0.8.3 (custom)
    • -> unaffectedfrom1.0.8.4
Problem Types
TypeCWE IDDescription
CWECWE-22CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Type: CWE
CWE ID: CWE-22
Description: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Metrics
VersionBase scoreBase severityVector
3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-126CAPEC-126 Path Traversal
CAPEC ID: CAPEC-126
Description: CAPEC-126 Path Traversal
Solutions

Update to 1.0.8.4 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
Trương Hữu Phúc / truonghuuphuc (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/bulk-editor/wordpress-wolf-plugin-1-0-8-3-csv-limited-path-traversal-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/bulk-editor/wordpress-wolf-plugin-1-0-8-3-csv-limited-path-traversal-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:14 Nov, 2024 | 18:15
Updated At:12 Mar, 2025 | 17:58

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in realmag777 WOLF allows Path Traversal.This issue affects WOLF: from n/a through 1.0.8.3.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
PluginUs.Net (RealMag777)
pluginus
>>wolf_-_wordpress_posts_bulk_editor_and_products_manager_professional>>Versions before 1.0.8.4(exclusive)
cpe:2.3:a:pluginus:wolf_-_wordpress_posts_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primaryaudit@patchstack.com
CWE ID: CWE-22
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/bulk-editor/wordpress-wolf-plugin-1-0-8-3-csv-limited-path-traversal-vulnerability?_s_id=cveaudit@patchstack.com
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/bulk-editor/wordpress-wolf-plugin-1-0-8-3-csv-limited-path-traversal-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

449Records found
CVE-2024-38706
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.75% / 72.17%
||
7 Day CHG-0.04%
Published-12 Jul, 2024 | 14:08
Updated-05 Feb, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HT Mega plugin <= 2.5.7 - JSON Path Traversal vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in HasThemes HT Mega allows Path Traversal.This issue affects HT Mega: from n/a through 2.5.7.

Action-Not Available
Vendor-HasTech IT Limited (HasThemes)
Product-ht_megaHT Mega
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-38768
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.41% / 60.74%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 20:58
Updated-22 Jan, 2025 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Pack Elementor addons plugin <= 2.0.8.6 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Webangon The Pack Elementor addons allows PHP Local File Inclusion, Path Traversal.This issue affects The Pack Elementor addons: from n/a through 2.0.8.6.

Action-Not Available
Vendor-webangonWebangon
Product-the_pack_elementor_addonsThe Pack Elementor addons
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-37847
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.50% / 80.35%
||
7 Day CHG+0.22%
Published-25 Oct, 2024 | 00:00
Updated-05 Nov, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file.

Action-Not Available
Vendor-radixiotn/aradix_iot
Product-mangoapimangon/amango_apimango_os
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-32674
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.80% / 73.11%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 17:45
Updated-03 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution via traversal in TAL expressions

Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the 'os' module. But some of the untrusted modules are available indirectly through Python modules that are available for direct use. By default, you need to have the Manager role to add or edit Zope Page Templates through the web. Only sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk. The problem has been fixed in Zope 5.2.1 and 4.6.1. The workaround is the same as for https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36: A site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only.

Action-Not Available
Vendor-zopezopefoundation
Product-zopeZope
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-37410
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.9||MEDIUM
EPSS-0.68% / 70.69%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 10:13
Updated-15 Apr, 2025 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PowerPack Lite for Beaver Builder plugin <= 1.3.0.3 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Beaver Addons PowerPack Lite for Beaver Builder allows Path Traversal.This issue affects PowerPack Lite for Beaver Builder: from n/a through 1.3.0.3.

Action-Not Available
Vendor-ideaboxBeaver Addons
Product-powerpack_for_beaver_builderPowerPack Lite for Beaver Builder
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-32814
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.73% / 71.87%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 16:25
Updated-03 Aug, 2024 | 23:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Skytable

Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host's file system. This security bug has been patched in version 0.5.1. There are no known workarounds aside from upgrading.

Action-Not Available
Vendor-skytableskytable
Product-skytableskytable
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-37520
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.91% / 74.92%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 12:20
Updated-29 Aug, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShopBuilder – Elementor WooCommerce Builder Addons plugin <= 2.1.12 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons allows Path Traversal.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through 2.1.12.

Action-Not Available
Vendor-radiusthemeRadiusTheme
Product-shopbuilderShopBuilder – Elementor WooCommerce Builder Addons
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-37268
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-1.04% / 76.56%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 10:10
Updated-29 Aug, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Striking theme <= 2.3.4 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in kaptinlin Striking allows Path Traversal.This issue affects Striking: from n/a through 2.3.4.

Action-Not Available
Vendor-kaptinlinkaptinlinkaptinlin
Product-strikingStrikingstriking
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-1273
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-10.36% / 92.90%
||
7 Day CHG~0.00%
Published-04 Jul, 2023 | 07:23
Updated-25 Nov, 2024 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ND Shortcodes < 7.0 - Subscriber+ LFI

The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks

Action-Not Available
Vendor-nicdarkUnknown
Product-nd_shortcodesND Shortcodes
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-33203
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.30% / 52.86%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 17:52
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.

Action-Not Available
Vendor-n/aDjangoFedora Project
Product-djangofedoran/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-37092
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.80% / 73.12%
||
7 Day CHG~0.00%
Published-24 Jun, 2024 | 12:23
Updated-20 Aug, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0.

Action-Not Available
Vendor-stylemixthemesStylemixThemesstylemixthemes
Product-consulting_elementor_widgetsConsulting Elementor Widgetsconsulting_elementor_widgets
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-37266
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.9||MEDIUM
EPSS-0.75% / 72.09%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 10:08
Updated-29 Aug, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tutor LMS plugin <= 2.7.1 - Path Traversal vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal.This issue affects Tutor LMS: from n/a through 2.7.1.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-37032
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-93.48% / 99.82%
||
7 Day CHG~0.00%
Published-31 May, 2024 | 00:00
Updated-01 May, 2025 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.

Action-Not Available
Vendor-ollaman/a
Product-ollaman/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-4674
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.25% / 48.29%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 16:45
Updated-17 Sep, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 171510.

Action-Not Available
Vendor-IBM Corporation
Product-security_identity_managerSecurity Identity Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-32016
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.81% / 73.25%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 17:55
Updated-30 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the writing of arbitrary files to a user-controlled location on the remote filesystem (with user-controlled content) via directory traversal, potentially leading to remote code and command execution.

Action-Not Available
Vendor-jump-technologyn/a
Product-asset_managementn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-37513
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.91% / 74.84%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 12:18
Updated-16 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPCafe plugin <= 2.2.27 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows Path Traversal.This issue affects WPCafe: from n/a through 2.2.27.

Action-Not Available
Vendor-themewinterThemewinterthemewinter
Product-wpcafeWPCafewpcafe
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-37464
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.9||MEDIUM
EPSS-0.38% / 58.57%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 11:45
Updated-08 Jan, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.5 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPZOOM Beaver Builder Addons by WPZOOM allows Path Traversal.This issue affects Beaver Builder Addons by WPZOOM: from n/a through 1.3.5.

Action-Not Available
Vendor-wpzoomWPZOOM
Product-beaver_builder_addonsBeaver Builder Addons by WPZOOM
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-36814
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.72% / 71.59%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 00:00
Updated-10 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory.

Action-Not Available
Vendor-n/aAdGuard (Adguard Software Ltd.)
Product-n/aadguard_home
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-31385
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-8.8||HIGH
EPSS-0.71% / 71.29%
||
7 Day CHG~0.00%
Published-19 Oct, 2021 | 18:17
Updated-16 Sep, 2024 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: J-Web: A path traversal vulnerability allows an authenticated attacker to elevate their privileges to root

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in J-Web of Juniper Networks Junos OS allows any low-privileged authenticated attacker to elevate their privileges to root. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-35712
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.9||MEDIUM
EPSS-0.43% / 61.79%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 15:53
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Database Cleaner: Clean, Optimize & Repair plugin <= 1.0.5 - Arbitrary File Read vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through 1.0.5.

Action-Not Available
Vendor-meowappsJordy Meow
Product-database_cleanerDatabase Cleaner
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-3571
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.5||MEDIUM
EPSS-1.29% / 78.81%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 00:00
Updated-29 Jul, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path Traversal in langchain-ai/langchain

langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to information disclosure or remote code execution. The issue lies in the handling of file paths in the mset and mget methods, where user-supplied input is not adequately sanitized, allowing directory traversal sequences to reach unintended directories.

Action-Not Available
Vendor-langchainlangchain-ailangchain-ai
Product-langchainlangchain-ai/langchainlangchain
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-35308
Matching Score-4
Assigner-Pandora FMS
ShareView Details
Matching Score-4
Assigner-Pandora FMS
CVSS Score-8.3||HIGH
EPSS-0.40% / 60.18%
||
7 Day CHG~0.00%
Published-22 Oct, 2024 | 09:03
Updated-25 Oct, 2024 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Post-auth Arbitrary File Read in the Server Plugins Section

A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through <777.3.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-34554
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.48% / 63.91%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 13:25
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stockholm Core plugin <= 2.4.1 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm Core allows PHP Local File Inclusion.This issue affects Stockholm Core: from n/a through 2.4.1.

Action-Not Available
Vendor-select-themesSelect-Themesselect_themes
Product-stockholm_coreStockholm Corestockholm_core
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-34060
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-1.81% / 82.07%
||
7 Day CHG~0.00%
Published-23 May, 2024 | 12:01
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File Write in IRIS EVTX Pipeline

IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The `iris-evtx-module` is a pipeline plugin of `iris-web` that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely handled and may cause an Arbitrary File Write. This can lead to a remote code execution (RCE) when combined with a Server Side Template Injection (SSTI). This vulnerability has been patched in version 1.0.0.

Action-Not Available
Vendor-dfir-irisdfir-iris
Product-iris-evtx-moduleiris-evtx-module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-34384
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.59% / 68.31%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 13:17
Updated-02 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sina Extension for Elementor plugin <= 3.5.1 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SinaExtra Sina Extension for Elementor allows PHP Local File Inclusion.This issue affects Sina Extension for Elementor: from n/a through 3.5.1.

Action-Not Available
Vendor-sinaextraSinaExtrasinaextra
Product-sina_extension_for_elementorSina Extension for Elementorsina_extension_for_elementor
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-34552
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.48% / 63.91%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 13:23
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stockholm theme <= 9.6 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm allows PHP Local File Inclusion.This issue affects Stockholm: from n/a through 9.6.

Action-Not Available
Vendor-select-themesSelect-Themesselect_themes
Product-stockholmStockholmstockholm
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-28798
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.40% / 59.85%
||
7 Day CHG~0.00%
Published-21 May, 2021 | 03:00
Updated-16 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Relative Path Traversal Vulnerability in QTS and QuTS hero

A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to modify files that impact system integrity. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.2.1630 Build 20210406 and later QTS 4.3.6.1663 Build 20210504 and later QTS 4.3.3.1624 Build 20210416 and later QuTS hero h4.5.2.1638 Build 20210414 and later QNAP NAS running QTS 4.5.3 are not affected.

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTS
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-3311
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.28% / 51.05%
||
7 Day CHG+0.07%
Published-04 Apr, 2024 | 20:31
Updated-04 Apr, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dreamer CMS ThemesController.java ZipUtils.unZipFiles path traversal

A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has been declared as critical. Affected by this vulnerability is the function ZipUtils.unZipFiles of the file controller/admin/ThemesController.java. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.3.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-259369 was assigned to this vulnerability.

Action-Not Available
Vendor-iteachyouDreamerdreamer_cms_project
Product-dreamer_cmsCMSdreamer_cms
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-33557
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-1.23% / 78.33%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 13:05
Updated-26 Feb, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress XStore Core plugin <= 5.3.8 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 8theme XStore Core allows PHP Local File Inclusion.This issue affects XStore Core: from n/a through 5.3.8.

Action-Not Available
Vendor-8theme8theme8theme
Product-xstore_coreXStore Corexstore_core
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-28206
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.50% / 64.97%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: path traversal - Record video file function

The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z11pa-d8_firmwarers500-e9-rs4_firmwarers500a-e9_rs4_u_firmwarers700-e9-rs12_firmwarews_c422_pro\/se_firmwareesc4000_g4_firmwarers720-e9-rs12-ers500-e9-rs4-u_firmwarers720q-e9-rs8_firmwarers300-e10-rs4_firmwarers100-e10-pi2rs700a-e9-rs4v2_firmwarez11pa-d8c_firmwarers720a-e9-rs12v2rs720q-e9-rs8-srs500a-e10-ps4rs700-e9-rs4_firmwarers500-e9-ps4ws_c422_pro\/sers500-e9-rs4esc8000_g4_firmwarers500a-e9_rs4_uz11pr-d16rs520-e9-rs12-e_firmwarers500a-e10-ps4_firmwarews_c621e_sagers500a-e10-rs4rs300-e10-rs4z11pa-d8rs700a-e9-rs12v2_firmwarez11pa-u12\/10g-2srs300-e10-ps4asmb9-ikvmrs500a-e10-rs4_firmwarez11pa-u12rs500a-e9-rs4rs720a-e9-rs24-eesc4000_dhd_g4_firmwarers700a-e9-rs4_firmwarers700a-e9-rs4v2esc8000_g4rs720a-e9-rs24-e_firmwarepro_e800_g4rs720q-e9-rs8rs720a-e9-rs24v2e700_g4_firmwarers500-e9-rs4-urs700-e9-rs4z11pr-d16_firmwarers100-e10-pi2_firmwareesc4000_g4x_firmwarers500-e9-ps4_firmwarers520-e9-rs8rs500a-e9-ps4_firmwarers700a-e9-rs12v2rs520-e9-rs8_firmwarers720q-e9-rs24-srs520-e9-rs12-epro_e800_g4_firmwarez11pa-u12_firmwarez11pa-d8cknpa-u16esc4000_g4rs500a-e9-rs4_firmwarers720q-e9-rs24-s_firmwarez11pa-u12\/10g-2s_firmwarers700-e9-rs12ws_c621e_sage_firmwareknpa-u16_firmwareesc4000_dhd_g4rs720-e9-rs12-e_firmwarews_x299_pro\/sews_x299_pro\/se_firmwarers500a-e9-ps4asmb9-ikvm_firmwarers700a-e9-rs4rs720-e9-rs24-uesc8000_g4\/10g_firmwarers720a-e9-rs24v2_firmwareesc4000_g4xrs300-e10-ps4_firmwarers720-e9-rs8-grs720a-e9-rs12v2_firmwarers720-e9-rs8-g_firmwaree700_g4rs720-e9-rs24-u_firmwarers720q-e9-rs8-s_firmwareesc8000_g4\/10gBMC firmware for KNPA-U16BMC firmware for RS720Q-E9-RS24-SBMC firmware for ESC4000 G4XBMC firmware for RS500A-E9-RS4BMC firmware for Z11PA-D8BMC firmware for Z11PA-U12BMC firmware for ESC4000 DHD G4BMC firmware for RS720A-E9-RS12V2BMC firmware for WS C621E SAGEBMC firmware for RS500A-E10-RS4BMC firmware for RS520-E9-RS8BMC firmware for Pro E800 G4BMC firmware for RS500A-E9-PS4BMC firmware for RS500-E9-RS4BMC firmware for RS720-E9-RS24-UBMC firmware for Z11PA-U12/10G-2SBMC firmware for RS700A-E9-RS12V2BMC firmware for ASMB9-iKVMBMC firmware for RS720-E9-RS8-GBMC firmware for RS720A-E9-RS24V2BMC firmware for ESC4000 G4BMC firmware for RS500A-E10-PS4BMC firmware for RS700A-E9-RS4BMC firmware for E700 G4BMC firmware for RS100-E10-PI2BMC firmware for RS500-E9-PS4BMC firmware for ESC8000 G4BMC firmware for RS700-E9-RS4BMC firmware for Z11PR-D16BMC firmware for RS500-E9-RS4-UBMC firmware for RS720Q-E9-RS8-SBMC firmware for RS700-E9-RS12BMC firmware for RS720-E9-RS12-EBMC firmware for RS720Q-E9-RS8BMC firmware for ESC8000 G4/10GBMC firmware for Z11PA-D8CBMC firmware for RS500A-E9 RS4BMC firmware for RS300-E10-RS4BMC firmware for RS300-E10-PS4BMC firmware for RS700A-E9-RS4V2BMC firmware for WS C422 PRO/SEBMC firmware for RS520-E9-RS12-EBMC firmware for WS X299 PRO/SEBMC firmware for RS720A-E9-RS24-E
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-28205
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.50% / 64.97%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: path traversal - Delete SOL video file function

The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z10pe-d16_ws_firmwarez10pr-d16_firmwareasmb8-ikvm_firmwarez10pe-d16_wsz10pr-d16asmb8-ikvmBMC firmware for Z10PR-D16BMC firmware for ASMB8-iKVMBMC firmware for Z10PE-D16 WS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-28208
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.50% / 64.97%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 22:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: path traversal - Get video file function

The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z11pa-d8_firmwarers500-e9-rs4_firmwarers500a-e9_rs4_u_firmwarers700-e9-rs12_firmwarews_c422_pro\/se_firmwareesc4000_g4_firmwarers720-e9-rs12-ers500-e9-rs4-u_firmwarers720q-e9-rs8_firmwarers300-e10-rs4_firmwarers100-e10-pi2rs700a-e9-rs4v2_firmwarez11pa-d8c_firmwarers720a-e9-rs12v2rs720q-e9-rs8-srs500a-e10-ps4rs700-e9-rs4_firmwarers500-e9-ps4ws_c422_pro\/sers500-e9-rs4esc8000_g4_firmwarers500a-e9_rs4_uz11pr-d16rs520-e9-rs12-e_firmwarers500a-e10-ps4_firmwarews_c621e_sagers500a-e10-rs4rs300-e10-rs4z11pa-d8rs700a-e9-rs12v2_firmwarez11pa-u12\/10g-2srs300-e10-ps4asmb9-ikvmrs500a-e10-rs4_firmwarez11pa-u12rs500a-e9-rs4rs720a-e9-rs24-eesc4000_dhd_g4_firmwarers700a-e9-rs4_firmwarers700a-e9-rs4v2esc8000_g4rs720a-e9-rs24-e_firmwarepro_e800_g4rs720q-e9-rs8rs720a-e9-rs24v2e700_g4_firmwarers500-e9-rs4-urs700-e9-rs4z11pr-d16_firmwarers100-e10-pi2_firmwareesc4000_g4x_firmwarers500-e9-ps4_firmwarers520-e9-rs8rs500a-e9-ps4_firmwarers700a-e9-rs12v2rs520-e9-rs8_firmwarers720q-e9-rs24-srs520-e9-rs12-epro_e800_g4_firmwarez11pa-u12_firmwarez11pa-d8cknpa-u16esc4000_g4rs500a-e9-rs4_firmwarers720q-e9-rs24-s_firmwarez11pa-u12\/10g-2s_firmwarers700-e9-rs12ws_c621e_sage_firmwareknpa-u16_firmwareesc4000_dhd_g4rs720-e9-rs12-e_firmwarews_x299_pro\/sews_x299_pro\/se_firmwarers500a-e9-ps4asmb9-ikvm_firmwarers700a-e9-rs4rs720-e9-rs24-uesc8000_g4\/10g_firmwarers720a-e9-rs24v2_firmwareesc4000_g4xrs300-e10-ps4_firmwarers720-e9-rs8-grs720a-e9-rs12v2_firmwarers720-e9-rs8-g_firmwaree700_g4rs720-e9-rs24-u_firmwarers720q-e9-rs8-s_firmwareesc8000_g4\/10gBMC firmware for KNPA-U16BMC firmware for RS720Q-E9-RS24-SBMC firmware for ESC4000 G4XBMC firmware for RS500A-E9-RS4BMC firmware for Z11PA-D8BMC firmware for Z11PA-U12BMC firmware for ESC4000 DHD G4BMC firmware for RS720A-E9-RS12V2BMC firmware for WS C621E SAGEBMC firmware for RS500A-E10-RS4BMC firmware for RS520-E9-RS8BMC firmware for Pro E800 G4BMC firmware for RS500A-E9-PS4BMC firmware for RS500-E9-RS4BMC firmware for RS720-E9-RS24-UBMC firmware for Z11PA-U12/10G-2SBMC firmware for RS700A-E9-RS12V2BMC firmware for ASMB9-iKVMBMC firmware for RS720-E9-RS8-GBMC firmware for RS720A-E9-RS24V2BMC firmware for ESC4000 G4BMC firmware for RS500A-E10-PS4BMC firmware for RS700A-E9-RS4BMC firmware for E700 G4BMC firmware for RS100-E10-PI2BMC firmware for RS500-E9-PS4BMC firmware for ESC8000 G4BMC firmware for RS700-E9-RS4BMC firmware for Z11PR-D16BMC firmware for RS500-E9-RS4-UBMC firmware for RS720Q-E9-RS8-SBMC firmware for RS700-E9-RS12BMC firmware for RS720-E9-RS12-EBMC firmware for RS720Q-E9-RS8BMC firmware for ESC8000 G4/10GBMC firmware for Z11PA-D8CBMC firmware for RS500A-E9 RS4BMC firmware for RS300-E10-RS4BMC firmware for RS300-E10-PS4BMC firmware for RS700A-E9-RS4V2BMC firmware for WS C422 PRO/SEBMC firmware for RS520-E9-RS12-EBMC firmware for WS X299 PRO/SEBMC firmware for RS720A-E9-RS24-E
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-28209
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.50% / 64.97%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: path traversal - Delete video file function

The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z11pa-d8_firmwarers500-e9-rs4_firmwarers500a-e9_rs4_u_firmwarers700-e9-rs12_firmwarews_c422_pro\/se_firmwareesc4000_g4_firmwarers720-e9-rs12-ers500-e9-rs4-u_firmwarers720q-e9-rs8_firmwarers300-e10-rs4_firmwarers100-e10-pi2rs700a-e9-rs4v2_firmwarez11pa-d8c_firmwarers720a-e9-rs12v2rs720q-e9-rs8-srs500a-e10-ps4rs700-e9-rs4_firmwarers500-e9-ps4ws_c422_pro\/sers500-e9-rs4esc8000_g4_firmwarers500a-e9_rs4_uz11pr-d16rs520-e9-rs12-e_firmwarers500a-e10-ps4_firmwarews_c621e_sagers500a-e10-rs4rs300-e10-rs4z11pa-d8rs700a-e9-rs12v2_firmwarez11pa-u12\/10g-2srs300-e10-ps4asmb9-ikvmrs500a-e10-rs4_firmwarez11pa-u12rs500a-e9-rs4rs720a-e9-rs24-eesc4000_dhd_g4_firmwarers700a-e9-rs4_firmwarers700a-e9-rs4v2esc8000_g4rs720a-e9-rs24-e_firmwarepro_e800_g4rs720q-e9-rs8rs720a-e9-rs24v2e700_g4_firmwarers500-e9-rs4-urs700-e9-rs4z11pr-d16_firmwarers100-e10-pi2_firmwareesc4000_g4x_firmwarers500-e9-ps4_firmwarers520-e9-rs8rs500a-e9-ps4_firmwarers700a-e9-rs12v2rs520-e9-rs8_firmwarers720q-e9-rs24-srs520-e9-rs12-epro_e800_g4_firmwarez11pa-u12_firmwarez11pa-d8cknpa-u16esc4000_g4rs500a-e9-rs4_firmwarers720q-e9-rs24-s_firmwarez11pa-u12\/10g-2s_firmwarers700-e9-rs12ws_c621e_sage_firmwareknpa-u16_firmwareesc4000_dhd_g4rs720-e9-rs12-e_firmwarews_x299_pro\/sews_x299_pro\/se_firmwarers500a-e9-ps4asmb9-ikvm_firmwarers700a-e9-rs4rs720-e9-rs24-uesc8000_g4\/10g_firmwarers720a-e9-rs24v2_firmwareesc4000_g4xrs300-e10-ps4_firmwarers720-e9-rs8-grs720a-e9-rs12v2_firmwarers720-e9-rs8-g_firmwaree700_g4rs720-e9-rs24-u_firmwarers720q-e9-rs8-s_firmwareesc8000_g4\/10gBMC firmware for KNPA-U16BMC firmware for RS720Q-E9-RS24-SBMC firmware for ESC4000 G4XBMC firmware for RS500A-E9-RS4BMC firmware for Z11PA-D8BMC firmware for Z11PA-U12BMC firmware for ESC4000 DHD G4BMC firmware for RS720A-E9-RS12V2BMC firmware for WS C621E SAGEBMC firmware for RS500A-E10-RS4BMC firmware for RS520-E9-RS8BMC firmware for Pro E800 G4BMC firmware for RS500A-E9-PS4BMC firmware for RS500-E9-RS4BMC firmware for RS720-E9-RS24-UBMC firmware for Z11PA-U12/10G-2SBMC firmware for RS700A-E9-RS12V2BMC firmware for ASMB9-iKVMBMC firmware for RS720-E9-RS8-GBMC firmware for RS720A-E9-RS24V2BMC firmware for ESC4000 G4BMC firmware for RS500A-E10-PS4BMC firmware for RS700A-E9-RS4BMC firmware for E700 G4BMC firmware for RS100-E10-PI2BMC firmware for RS500-E9-PS4BMC firmware for ESC8000 G4BMC firmware for RS700-E9-RS4BMC firmware for Z11PR-D16BMC firmware for RS500-E9-RS4-UBMC firmware for RS720Q-E9-RS8-SBMC firmware for RS700-E9-RS12BMC firmware for RS720-E9-RS12-EBMC firmware for RS720Q-E9-RS8BMC firmware for ESC8000 G4/10GBMC firmware for Z11PA-D8CBMC firmware for RS500A-E9 RS4BMC firmware for RS300-E10-RS4BMC firmware for RS300-E10-PS4BMC firmware for RS700A-E9-RS4V2BMC firmware for WS C422 PRO/SEBMC firmware for RS520-E9-RS12-EBMC firmware for WS X299 PRO/SEBMC firmware for RS720A-E9-RS24-E
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-28588
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-8.57% / 92.03%
||
7 Day CHG~0.00%
Published-28 Jun, 2021 | 14:13
Updated-16 Sep, 2024 | 23:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe RoboHelp Server folderId Directory Traversal Remote Code Execution Vulnerability

Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-robohelp_serverRoboHelp Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-3976
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-0.72% / 71.56%
||
7 Day CHG~0.00%
Published-28 Oct, 2019 | 21:32
Updated-04 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosMikroTik RouterOS
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-32117
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.24% / 46.69%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 18:53
Updated-21 Jan, 2025 | 22:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortianalyzer_big_datafortimanagerfortianalyzerFortiManagerFortiAnalyzer
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-26814
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-64.02% / 98.36%
||
7 Day CHG~0.00%
Published-06 Mar, 2021 | 01:24
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service script.

Action-Not Available
Vendor-n/aWazuh, Inc.
Product-wazuhn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-47558
Matching Score-4
Assigner-Xerox Corporation
ShareView Details
Matching Score-4
Assigner-Xerox Corporation
CVSS Score-7.6||HIGH
EPSS-0.22% / 45.00%
||
7 Day CHG~0.00%
Published-07 Oct, 2024 | 18:19
Updated-16 Oct, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated RCE via Path Traversal

Authenticated RCE via Path Traversal

Action-Not Available
Vendor-Xerox Corporation
Product-freeflow_coreFreeFlow Corefreeflow_core
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-27081
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.2||HIGH
EPSS-5.35% / 89.69%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 16:29
Updated-07 Feb, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ESPHome remote code execution via arbitrary file write

ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation) allows authenticated remote attackers to read and write arbitrary files under the configuration directory rendering remote code execution possible. This vulnerability is patched in 2024.2.1.

Action-Not Available
Vendor-esphomeesphomeesphome
Product-esphomeesphomeesphome
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-27770
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-8.8||HIGH
EPSS-0.15% / 36.04%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 13:23
Updated-10 Mar, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-23: Relative Path Traversal

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-23: Relative Path Traversal

Action-Not Available
Vendor-Unitronics PLC
Product-unilogicUnistream Unilogicunistream_unilogic
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-23
Relative Path Traversal
CVE-2024-24992
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-8.8||HIGH
EPSS-55.89% / 98.00%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 01:10
Updated-06 May, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalancheavalanche
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-24999
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-8.8||HIGH
EPSS-5.24% / 89.58%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 01:10
Updated-06 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvlancheavalanche
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-25082
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-1.21% / 78.18%
||
7 Day CHG~0.00%
Published-21 Feb, 2022 | 10:45
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Popup Builder < 4.0.7 - LFI to RCE

The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via wrappers such as PHAR

Action-Not Available
Vendor-sygnoosUnknown
Product-popup_builderPopup Builder – Create highly converting, mobile friendly marketing popups.
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-25386
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-10.31% / 92.88%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 00:00
Updated-16 Aug, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory Traversal vulnerability in DICOM® Connectivity Framework by laurelbridge before v.2.7.6b allows a remote attacker to execute arbitrary code via the format_logfile.pl file.

Action-Not Available
Vendor-n/alaurelbridge
Product-n/adicom_connectivity_framework
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-24689
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.9||MEDIUM
EPSS-0.85% / 73.89%
||
7 Day CHG+0.04%
Published-28 Feb, 2022 | 09:06
Updated-03 Aug, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Contact Forms - Drag & Drop Contact Form Builder <= 1.0.5 - Admin+ Arbitrary System File Read

The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack

Action-Not Available
Vendor-wpeverestUnknown
Product-contact_formContact Forms – Drag & Drop Contact Form Builder
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-25000
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-8.8||HIGH
EPSS-2.77% / 85.47%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 01:10
Updated-06 May, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalancheavalanche
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-23535
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-8.8||HIGH
EPSS-41.99% / 97.34%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 01:10
Updated-06 May, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalancheavalanche
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-24962
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-1.63% / 81.12%
||
7 Day CHG~0.00%
Published-28 Mar, 2022 | 17:21
Updated-03 Aug, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress File Upload < 4.16.3 - Contributor+ Path Traversal to RCE

The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution.

Action-Not Available
Vendor-iptanusUnknown
Product-wordpress_file_uploadwordpress_file_upload_proWordPress File UploadWordPress File Upload Pro
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-24320
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.86% / 87.74%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 00:00
Updated-21 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function.

Action-Not Available
Vendor-mgt-commercen/amgt-commerce
Product-cloudpaneln/acloudpanel
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-43586
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.3||HIGH
EPSS-0.07% / 22.78%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 22:17
Updated-02 Aug, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitvideo_software_development_kitvirtual_desktop_infrastructurezoomZoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows
CWE ID-CWE-426
Untrusted Search Path
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 8
  • 9
  • Next
Details not found