Total
7548 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47818 | 1 Saltcorn Collective Ltd | 1 Saltcorn | 2024-10-10 | 6.5 Medium |
| Saltcorn is an extensible, open source, no-code database application builder. A logged-in user with any role can delete arbitrary files on the filesystem by calling the `sync/clean_sync_dir` endpoint. The `dir_name` POST parameter is not validated/sanitized and is used to construct the `syncDir` that is deleted by calling `fs.rm`. This issue has been addressed in release version 1.0.0-beta16 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-36814 | 1 Adguard | 1 Adguard Home | 2024-10-10 | 4.9 Medium |
| An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory. | ||||
| CVE-2024-44014 | 1 Vmaxstudio | 1 Vmax Project Manager | 2024-10-08 | 9.6 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vmaxstudio Vmax Project Manager allows PHP Local File Inclusion, Code Injection.This issue affects Vmax Project Manager: from n/a through 1.0. | ||||
| CVE-2024-44015 | 1 Userscontrol | 1 Users Control | 2024-10-08 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Users Control allows PHP Local File Inclusion.This issue affects Users Control: from n/a through 1.0.16. | ||||
| CVE-2024-44016 | 1 Mark Steadman | 1 Podiant | 2024-10-08 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mark Steadman Podiant allows PHP Local File Inclusion.This issue affects Podiant: from n/a through 1.1. | ||||
| CVE-2024-20449 | 1 Cisco | 2 Data Center Network Manager, Nexus Dashboard Fabric Controller | 2024-10-08 | 8.8 High |
| A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secure Copy Protocol (SCP) to upload malicious code to an affected device using path traversal techniques. A successful exploit could allow the attacker to execute arbitrary code in a specific container with the privileges of root. | ||||
| CVE-2024-8352 | 1 Hypestudio | 1 Social Web Suite | 2024-10-08 | 7.5 High |
| The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.1.11 via the download_log function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2024-9224 | 1 Kau-boys | 1 Hello World | 2024-10-07 | 6.5 Medium |
| The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2024-44023 | 1 Abc App Creator | 1 Abc App Creator | 2024-10-07 | 8.1 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABCApp Creator allows PHP Local File Inclusion.This issue affects ABCApp Creator: from n/a through 1.1.2. | ||||
| CVE-2024-44034 | 1 Martin Greenwood | 1 Wpspx | 2024-10-07 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Martin Greenwood WPSPX allows PHP Local File Inclusion.This issue affects WPSPX: from n/a through 1.0.2. | ||||
| CVE-2024-44018 | 1 Istmo Plugins | 1 Instant Chat Floating Button For Wordpress Websites | 2024-10-07 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Istmo Plugins Instant Chat Floating Button for WordPress Websites allows PHP Local File Inclusion.This issue affects Instant Chat Floating Button for WordPress Websites: from n/a through 1.0.5. | ||||
| CVE-2024-44012 | 2024-10-07 | 7.5 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpdev33 WP Newsletter Subscription allows PHP Local File Inclusion.This issue affects WP Newsletter Subscription: from n/a through 1.1. | ||||
| CVE-2024-47323 | 1 Ex-themes | 1 Wp Timeline | 2024-10-07 | 8.1 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin allows PHP Local File Inclusion.This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through 3.6.7. | ||||
| CVE-2024-47309 | 1 Condless | 1 Cities Shopping Zones For Woocommerce | 2024-10-07 | 6.6 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Condless Cities Shipping Zones for WooCommerce allows PHP Local File Inclusion.This issue affects Cities Shipping Zones for WooCommerce: from n/a through 1.2.7. | ||||
| CVE-2024-47324 | 1 Ex-themes | 1 Wp Timeline | 2024-10-07 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin allows PHP Local File Inclusion.This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through 3.6.7. | ||||
| CVE-2024-9301 | 1 Netflix | 1 E2nest | 2024-10-07 | 7.5 High |
| A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a | ||||
| CVE-2024-44030 | 2024-10-05 | 7.2 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mestres do WP Checkout Mestres WP allows PHP Local File Inclusion.This issue affects Checkout Mestres WP: from n/a through 8.6. | ||||
| CVE-2024-7149 | 1 Themewinter | 1 Eventin | 2024-10-04 | 8.8 High |
| The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-7950 | 1 Wpjobportal | 1 Wp Job Portal | 2024-10-04 | 9.8 Critical |
| The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. Attackers can also update arbitrary settings and create user accounts even when registration is disabled, leading to user creation with a default role of Administrator. | ||||
| CVE-2024-47071 | 1 Freepbx | 1 Endpoint Manager | 2024-10-04 | 6.8 Medium |
| OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4. | ||||