CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,867 CVEs tracked | 53,243 with exploits | 4,725 exploited in wild | 1,540 CISA KEV | 3,925 Nuclei templates | 37,802 vendors | 42,500 researchers
370 results
CVE-2024-46664 5.5 MEDIUM EPSS 0.01
Fortinet Fortirecorder < 7.0.5 - Path Traversal
A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or HTTPS requests.
CWE-22 Jan 14, 2025
CVE-2024-32115 5.5 MEDIUM EPSS 0.01
Fortinet FortiManager < 7.4.3 - Path Traversal
A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPS requests.
CWE-22 Jan 14, 2025
CVE-2025-0390 5.3 MEDIUM EPSS 0.00
Huayi-tec Jeewms < 2025-01-01 - Path Traversal
A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component.
CWE-24 Jan 11, 2025
CVE-2025-0225 4.3 MEDIUM EPSS 0.00
Tsinghua Unigroup Electronic Archives System 3.2.210802(62532 - Pat...
A vulnerability classified as problematic was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is an unknown functionality of the file /setting/ClassFy/exampleDownload.html. The manipulation of the argument name leads to path traversal: '/../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CWE-25 Jan 05, 2025
CVE-2024-13130 4.3 MEDIUM EPSS 0.00
Dahua IPC-HFW1200S-20241222 - Path Traversal
A vulnerability was found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S up to 20241222. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CWE-24 Jan 05, 2025
CVE-2024-12897 4.3 MEDIUM EPSS 0.00
Intelbras VIP S3020 G2-VIP S4320 G2 20241222 - Path Traversal
A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. It has been classified as critical. This affects an unknown part of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CWE-24 Dec 23, 2024
CVE-2023-34990 9.8 CRITICAL NUCLEI EPSS 0.53
Fortinet Fortiwlm < 8.5.5 - Code Injection
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specially crafted web requests.
CWE-94 Dec 18, 2024
CVE-2024-12645 6.5 MEDIUM EPSS 0.00
topm-client - Path Traversal
The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains a Relative Path Traversal vulnerability, allowing attackers to read arbitrary files on the user's system.
CWE-352 Dec 16, 2024
CVE-2024-12642 8.1 HIGH EPSS 0.01
CHT Tenderdoctransfer < 0.41.157 - CSRF
TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains a Relative Path Traversal vulnerability, allowing attackers to write arbitrary files to any path on the user's system.
CWE-352 Dec 16, 2024
CVE-2024-49062 6.5 MEDIUM EPSS 0.01
Microsoft Sharepoint Server - Path Traversal
Microsoft SharePoint Information Disclosure Vulnerability
CWE-23 Dec 12, 2024
CVE-2024-12482 4.3 MEDIUM 1 Writeup EPSS 0.01
Cjbi Wetech-cms - Path Traversal
A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been rated as problematic. Affected by this issue is the function backup of the file wetech-cms-master\wetech-basic-common\src\main\java\tech\wetech\basic\util\BackupFileUtil.java of the component Database Backup Handler. The manipulation of the argument name leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CWE-22 Dec 12, 2024
CVE-2024-54154 8.0 HIGH EPSS 0.00
JetBrains YouTrack < 2024.3.51866 - Path Traversal
In JetBrains YouTrack before 2024.3.51866, system takeover was possible through path traversal in the plugin sandbox.
CWE-22 Dec 04, 2024
CVE-2024-11315 9.8 CRITICAL EPSS 0.05
TRCore - Path Traversal
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
CWE-22 Nov 18, 2024
CVE-2024-11314 9.8 CRITICAL EPSS 0.05
TRCore - Path Traversal
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
CWE-22 Nov 18, 2024
CVE-2024-11313 9.8 CRITICAL EPSS 0.05
TRCore - Path Traversal
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
CWE-22 Nov 18, 2024
CVE-2024-11312 9.8 CRITICAL EPSS 0.05
TRCore - Path Traversal
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
CWE-22 Nov 18, 2024
CVE-2024-11311 9.8 CRITICAL EPSS 0.05
TRCore - Path Traversal
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
CWE-22 Nov 18, 2024
CVE-2024-11310 7.5 HIGH EPSS 0.00
TRCore - Path Traversal
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
CWE-22 Nov 18, 2024
CVE-2024-11309 7.5 HIGH EPSS 0.00
TRCore - Path Traversal
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
CWE-22 Nov 18, 2024
CVE-2024-35274 2.3 LOW EPSS 0.00
Fortinet Fortianalyzer < 7.4.3 - Path Traversal
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests.
CWE-22 Nov 12, 2024