CVE-2024-53848
check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. https://example.org/schema.json will be stored as schema.json. This naming allows for conflicts. If an attack...
PT-2024-35950 · Unknown · Check-Jsonschema
Name of the Vulnerable Software and Affected Versions: check-jsonschema versions prior to 0.30.0 Description: The default cache strategy in check-jsonschema uses the basename of a remote schema as the name of the file in the cache. This naming allows for conflicts, enabling an attacker to insert...
CVE-2024-52499
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ibrahim Pricing table addon for elementor pricing-table-addon-for-elementor allows PHP Local File Inclusion. This issue affects Pricing table addon for elementor: from n/a through...
Jenkins Plugin Filesystem List Parameter Path Traversal Vulnerability
Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A path traversal...
CVE-2024-53844 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in labsai/eddi
E.D.D.I Enhanced Dialog Driven Interface is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to access sensitive files on the server by...
PT-2024-35947 · Eddi · Eddi
Name of the Vulnerable Software and Affected Versions: EDDI Enhanced Dialog Driven Interface versions prior to 5.4 Description: A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to acce...
CVE-2024-52787
An issue in the uploaddocuments method of libre-chat v0.0.6 allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file...
CVE-2024-52787
Vulnerability summary: Libre-chat v0.0.6 is affected by a path traversal flaw in the upload_documents method. By supplying a crafted filename in an uploaded file, an attacker can traverse the filesystem. This is corroborated by multiple sources (Red Hat CVE entry, GHSA advisory, Veracode summary,...
CVE-2024-50054
The CVE-2024-50054 issue affects mySCADA myPRO Manager (myPRO component) where the back-end does not properly validate the user-controlled filename parameter, enabling a path traversal attack to retrieve arbitrary files from the file system. Documents from CISA/ICS indicate an OS command injectio...
CVE-2024-50054 mySCADA myPRO Path Traversal
The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system...
CVE-2024-9257
Logsign Unified SecOps Platform deletegsuitekeyfile Input Validation Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files within sensitive directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to...
SUSE CVE-2024-10224
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...
PT-2024-33891 · Myscada · Myscada Mypro Manager
Name of the Vulnerable Software and Affected Versions: mySCADA myPRO Manager affected versions not specified Description: The issue arises from insufficient verification of the user-controlled filename parameter by the back-end, allowing an attacker to perform a path traversal attack. This enable...
CVE-2024-10855
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the filename parameter of the sirvuploadfilebychunks function and lack of in all versions up to, and including...
PT-2024-16594 · WordPress · Sirv
Name of the Vulnerable Software and Affected Versions: The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress versions up to, and including, 7.3.0 Description: The issue is related to insufficient validation on the filename parameter of the sirv upload file by chunks function, allowing...
WordPress plugin nBlocks Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-52428
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Scripteo Ads Booster by Ads Pro allows PHP Local File Inclusion. This issue affects Ads Booster by Ads Pro: from n/a through 1.12...
Cross-Site Scripting (XSS)
studio-42/elfinder is vulnerable to persistent Cross-site Scripting XSS. The vulnerability is due to a filename restriction bypass, allowing attackers to inject malicious scripts...
WordPress plugin Ads Booster by Ads Pro Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-52381
CVE-2024-52381 affects the ZIJ KART WordPress plugin (versions