Total
153 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-47324 | 2026-06-17 | N/A | 7.5 HIGH | ||
| Path Traversal: '.../...//' vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin wp-timelines.This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through <= 3.6.7. | |||||
| CVE-2024-47171 | 1 Agnai | 1 Agnai | 2026-06-17 | N/A | 4.3 MEDIUM |
| Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files at attacker-chosen location on the server. This issue can lead to image file uploads to unauthorized or unintended directories, including overwriting of existing images which may be used for defacement. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. Version 1.0.330 fixes this vulnerability. | |||||
| CVE-2024-47170 | 1 Agnai | 1 Agnai | 2026-06-17 | N/A | 4.3 MEDIUM |
| Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information and exposure of confidential configuration files. This only affects installations with `JSON_STORAGE` enabled which is intended to local/self-hosting only. Version 1.0.330 fixes this issue. | |||||
| CVE-2024-47169 | 1 Agnai | 1 Agnai | 2026-06-17 | N/A | 8.8 HIGH |
| Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, data leakage, and other critical security threats. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. This does affect publicly hosted installs without S3-compatible storage. Version 1.0.330 fixes this vulnerability. | |||||
| CVE-2024-45248 | 2026-06-17 | N/A | 7.5 HIGH | ||
| Multi-DNC – CWE-35: Path Traversal: '.../...//' | |||||
| CVE-2024-45190 | 1 Mage | 1 Mage-ai | 2026-06-17 | N/A | 6.5 MEDIUM |
| Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request | |||||
| CVE-2024-41973 | 2026-06-17 | N/A | 8.1 HIGH | ||
| A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges. | |||||
| CVE-2024-41972 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges. | |||||
| CVE-2024-40505 | 1 Dlink | 2 Dap-1650, Dap-1650 Firmware | 2026-06-17 | N/A | 9.3 CRITICAL |
| Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component. | |||||
| CVE-2024-39171 | 1 Phpvibe | 1 Phpvibe | 2026-06-17 | N/A | 9.8 CRITICAL |
| Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix. | |||||
| CVE-2024-38706 | 1 Hasthemes | 1 Ht Mega | 2026-06-17 | N/A | 6.5 MEDIUM |
| Path Traversal: '.../...//' vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through <= 2.5.7. | |||||
| CVE-2024-36991 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2026-06-17 | N/A | 7.5 HIGH |
| In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows. | |||||
| CVE-2024-34191 | 1 Htmly | 1 Htmly | 2026-06-17 | N/A | 6.5 MEDIUM |
| htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the delete_post() function at admin.php. This vulnerability allows attackers to delete arbitrary files via a crafted request. | |||||
| CVE-2024-2863 | 1 Lg | 1 Lg Led Assistant | 2026-06-17 | N/A | 5.3 MEDIUM |
| This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant. | |||||
| CVE-2024-2654 | 1 Filemanagerpro | 1 File Manager | 2026-06-17 | N/A | 6.8 MEDIUM |
| The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information. | |||||
| CVE-2024-27901 | 2026-06-17 | N/A | 7.2 HIGH | ||
| SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application. | |||||
| CVE-2024-21575 | 2026-06-17 | N/A | 8.6 HIGH | ||
| ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the `image.filename` field in a POST request sent to the `/upload/temp` endpoint added by the extension to the server. This results in writing arbitrary files to the file system which may, under some conditions, result in remote code execution (RCE). | |||||
| CVE-2024-1886 | 1 Lg | 1 Webos Signage | 2026-06-17 | N/A | 3.0 LOW |
| This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage. | |||||
| CVE-2024-11136 | 2026-06-17 | N/A | N/A | ||
| The default TCL Camera application exposes a provider vulnerable to path traversal vulnerability. Malicious application can supply malicious URI path and delete arbitrary files from user’s external storage. | |||||
| CVE-2024-10857 | 1 Tychesoftwares | 1 Product Input Fields For Woocommerce | 2026-06-17 | N/A | 6.5 MEDIUM |
| The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | |||||