CVE-2024-35745 WordPress Strategery Migrations plugin <= 1.0 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Gabriel Somoza / Joseph Fitzgibbons Strategery Migrations allows Path Traversal, File Manipulation. This issue affects Strategery Migrations: from n/a through 1.0...
CVE-2024-35745
CVE-2024-35745 affects Strategery Migrations (WordPress plugin) up to version 1.0. The vulnerability enables unauthenticated arbitrary file deletion via path traversal (as described in the CVE and Red Hat entry). Root cause is improper validation/handling of file paths, allowing deletion/manipula...
CVE-2024-35744 WordPress Upunzipper plugin <= 1.0.0 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation. This issue affects Upunzipper: from n/a through 1.0.0...
CVE-2024-35744
CVE-2024-35744 describes an improper limitation of a pathname to a restricted directory (path traversal) in Upunzipper for WordPress, affecting Upunzipper versions from n/a through 1.0.0. The NVD Base Score is 6.5 (Medium) with I/H and A/H; Patchstack CNA lists a separate base score of 8.6 (High)...
CVE-2024-35743
Technical details are not publicly available in the provided documents for CVE-2024-35743. Monitor for updates on affected product/version, root cause, impact, and remediation as more authoritative disclosures become available.
CVE-2024-35658
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ThemeHigh Checkout Field Editor for WooCommerce Pro allows Functionality Misuse, File Manipulation. This issue affects Checkout Field Editor for WooCommerce Pro: from n/a through 3.6.2...
CVE-2024-35658 WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ThemeHigh Checkout Field Editor for WooCommerce Pro allows Functionality Misuse, File Manipulation. This issue affects Checkout Field Editor for WooCommerce Pro: from n/a through 3.6.2...
CVE-2024-35658
CVE-2024-35658: Path Traversal vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows unauthenticated file deletion. Affected: Checkout Field Editor for WooCommerce (Pro) up to version 3.6.2. Root cause: improper limitation of a pathname to restricted directories. Remediati...
CVE-2024-3322
A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in the 'process_folder' function within...
CVE-2024-3322 Path Traversal in parisneo/lollms-webui
A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in the 'process_folder' function within...
CVE-2024-3322
The CVE-2024-3322 path-traversal vulnerability affects parisneo/lollms-webui “cyber_security/codeguard” native personality up to version 9.5. The root cause is improper sanitization of user-supplied code_folder_path in lollms-webui/zoos/personalities_zoo/cyber_security/codeguard/scripts/processor...
CVE-2024-3152
mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform...
CVE-2024-3152
The CVE-2024-3152 entry for mintplex-labs/anything-llm has concrete technical details in the connected records: multiple endpoints suffer from improper input validation passed to Prisma and other critical operations, enabling privilege escalation from a default user to admin, read/delete of arbit...
qdrant input validation failure
qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the...
CVE-2024-5587
A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotel...
CVE-2024-35358
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=viewcategory. Manipulating the argument id can result in SQL injection...