Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20345 | 1 Cisco | 1 Appdynamics Controller | 2025-04-30 | N/A | 6.5 MEDIUM |
| A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device. | |||||
| CVE-2024-31551 | 1 Cmseasy | 1 Cmseasy | 2025-04-14 | N/A | 7.5 HIGH |
| Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request. | |||||
| CVE-2024-25466 | 1 React-native-documents | 1 Document Picker | 2025-03-27 | N/A | 7.8 HIGH |
| Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component. | |||||
| CVE-2024-29466 | 2025-03-20 | N/A | 8.8 HIGH | ||
| Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component. | |||||
| CVE-2025-25295 | 2025-02-14 | N/A | N/A | ||
| Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a `download` function on the `label-studio-sdk` python package, which fails to validate file paths when processing image references during task exports. By creating tasks with path traversal sequences in the image field, an attacker can force the application to read files from arbitrary server filesystem locations when exporting projects in any of the mentioned formats. This is authentication-required vulnerability allowing arbitrary file reads from the server filesystem. It may lead to potential exposure of sensitive information like configuration files, credentials, and confidential data. Label Studio versions before 1.16.0 specified SDK versions prior to 1.0.10 as dependencies, and the issue was confirmed in Label Studio version 1.13.2.dev0; therefore, Label Studio users should upgrade to 1.16.0 or newer to mitigate it. | |||||
| CVE-2024-5866 | 1 Delinea | 1 Privileged Access Service | 2024-11-21 | N/A | 5.0 MEDIUM |
| Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing listing of arbitrary directory outside the root directory of the web application. Versions 23.1-HF7 and on have the patch. | |||||
| CVE-2024-5865 | 1 Delinea | 1 Privileged Access Service | 2024-11-21 | N/A | 7.7 HIGH |
| Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing arbitrary files reading outside the web publish directory. Versions 23.1-HF7 and on have the patch. | |||||
| CVE-2024-39673 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 6.8 MEDIUM |
| Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-28064 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with storeLoginChunkedImages). | |||||
| CVE-2023-50255 | 1 Deepin | 1 Deepin-compressor | 2024-11-21 | N/A | 9.3 CRITICAL |
| Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability. | |||||