The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
154 vulnerabilities with CWE-35
CVE-2024-52447
HIGH
Corporate Zen Contact Page With Google Map <1.6.1 - Path Traversal
CVSS 8.6
CVE-2024-52390
MEDIUM
CYAN Backup <2.5.3 - Path Traversal
CVSS 4.9
CVE-2024-41973
HIGH
Product - Privilege Escalation
CVSS 8.1
CVE-2024-41972
MEDIUM
WAGO CC100, Edge Controller, and PFC100/PFC200 G2 - Arbitrary File Overwrite
CVSS 6.5
CVE-2024-11136
HIGH
TCL Camera - Path Traversal
CVE-2024-51582
HIGH
ThimPress WP Hotel Booking <2.1.4 - Path Traversal
CVSS 7.5
CVE-2024-49770
HIGH
oak <17.1.3 - Info Disclosure
CVE-2024-49258
MEDIUM
Limb WordPress Gallery Plugin - Path Traversal
CVSS 6.5
CVE-2024-45248
HIGH
Multi-DNC - Path Traversal
CVSS 7.5
CVE-2024-47324
HIGH
Ex-Themes WP Timeline - Path Traversal
CVSS 7.5
CVE-2024-47171
MEDIUM
Agnai <1.0.330 - Path Traversal
CVSS 4.3
CVE-2024-47170
MEDIUM
Agnai <1.0.330 - Info Disclosure
CVSS 4.3
CVE-2024-47169
HIGH
Agnai <1.0.330 - RCE
CVSS 8.8
CVE-2024-0067
MEDIUM
AXIS OS - Path Traversal
CVSS 4.3
CVE-2024-7608
MEDIUM
NX-EX-FX-AX-IVX-CMS - Path Traversal
CVSS 5.9
CVE-2024-45190
MEDIUM
Mage AI - Path Traversal
CVSS 6.5
CVE-2024-0113
HIGH
Nvidia Mlnx-os < 3.10.4500 - Path Traversal
CVSS 7.5
CVE-2024-40505
CRITICAL
D-Link DAP-1650 <v.1.03 - Path Traversal
CVSS 9.3
CVE-2024-38706
MEDIUM
HasThemes HT Mega <2.5.7 - Path Traversal
CVSS 6.5
CVE-2024-39171
CRITICAL
Phpvibe < 11.0.46 - Path Traversal
CVSS 9.8
CVE-2024-36991
HIGH
Splunk < 9.0.10 - Path Traversal
CVSS 7.5
CVE-2024-5481
MEDIUM
10web Photo Gallery < 1.8.24 - Path Traversal
CVSS 6.8
CVE-2024-34191
MEDIUM
htmly <2.9.6 - File Deletion
CVSS 6.5
CVE-2024-2654
MEDIUM
WordPress File Manager <7.2.5 - Path Traversal
CVSS 6.8
CVE-2024-27901
HIGH
SAP Asset Accounting - Path Traversal
CVSS 7.2