Total
137 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-40573 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-07-08 | N/A | 4.4 MEDIUM |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups that are outside the backup folder. | |||||
| CVE-2025-22205 | 1 Admiror-design-studio | 1 Admiror Gallery | 2025-06-04 | N/A | 7.5 HIGH |
| Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x. | |||||
| CVE-2024-40505 | 1 Dlink | 2 Dap-1650, Dap-1650 Firmware | 2025-05-29 | N/A | 9.3 CRITICAL |
| Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component. | |||||
| CVE-2024-2863 | 1 Lg | 1 Lg Led Assistant | 2025-04-04 | N/A | 5.3 MEDIUM |
| This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant. | |||||
| CVE-2024-0113 | 1 Nvidia | 8 Mga100-hs2, Mlnx-gw, Mlnx-os and 5 more | 2024-12-26 | N/A | 7.5 HIGH |
| NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure. | |||||
| CVE-2024-39171 | 1 Phpvibe | 1 Phpvibe | 2024-11-21 | N/A | 9.8 CRITICAL |
| Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix. | |||||
| CVE-2024-36991 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2024-11-21 | N/A | 7.5 HIGH |
| In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows. | |||||
| CVE-2023-5800 | 1 Axis | 3 Axis Os, Axis Os 2020, Axis Os 2022 | 2024-11-21 | N/A | 5.4 MEDIUM |
| Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2023-21418 | 1 Axis | 4 Axis Os, Axis Os 2018, Axis Os 2020 and 1 more | 2024-11-21 | N/A | 7.1 HIGH |
| Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2023-21417 | 1 Axis | 3 Axis Os, Axis Os 2020, Axis Os 2022 | 2024-11-21 | N/A | 7.1 HIGH |
| Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2023-21416 | 1 Axis | 2 Axis Os, Axis Os 2022 | 2024-11-21 | N/A | 7.1 HIGH |
| Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account however the impact is equal. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2023-21415 | 1 Axis | 5 Axis Os, Axis Os 2016, Axis Os 2018 and 2 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2022-3693 | 1 Fileorbis | 1 Fileorbis | 2024-11-21 | N/A | 7.5 HIGH |
| Path Traversal vulnerability in Deytek Informatics FileOrbis File Management System allows Path Traversal.This issue affects FileOrbis File Management System: from unspecified before 10.6.3. | |||||
| CVE-2022-2265 | 1 Identity And Directory Management System Project | 1 Identity And Directory Management System | 2024-11-21 | N/A | 7.5 HIGH |
| The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated Path traversal vulnerability. This has been fixed in the version 2.1.25 | |||||
| CVE-2024-47171 | 1 Agnai | 1 Agnai | 2024-10-30 | N/A | 4.3 MEDIUM |
| Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files at attacker-chosen location on the server. This issue can lead to image file uploads to unauthorized or unintended directories, including overwriting of existing images which may be used for defacement. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. Version 1.0.330 fixes this vulnerability. | |||||
| CVE-2024-47169 | 1 Agnai | 1 Agnai | 2024-10-30 | N/A | 8.8 HIGH |
| Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, data leakage, and other critical security threats. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. This does affect publicly hosted installs without S3-compatible storage. Version 1.0.330 fixes this vulnerability. | |||||
| CVE-2024-47170 | 1 Agnai | 1 Agnai | 2024-10-29 | N/A | 4.3 MEDIUM |
| Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information and exposure of confidential configuration files. This only affects installations with `JSON_STORAGE` enabled which is intended to local/self-hosting only. Version 1.0.330 fixes this issue. | |||||