Lucene search

179 matches found

CVE
added 2025/04/30 9:16 p.m. · 50 views

CVE-2024-30146

The CVE-2024-30146 entry concerns HCL Domino Leap. Affected component: the endpoint handling import of applications. Root cause: improper access control allowing certain admin users to import applications from the server’s filesystem. Impact as described: potential unauthorized filesystem access ...

CVSS 4.1 · AI score 4.6 · EPSS 0.00142
Exploits 0 · References 1 · Affected Software 1

OSV
added 2025/04/24 4:15 p.m. · 1 views

CVE-2024-30148

Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem...

CVSS 4.1 · AI score 5.8 · EPSS 0.00078
Exploits 0 · References 1

Veracode
added 2025/03/17 4:54 a.m. · 6 views

Path Traversal

Mock API configuration is vulnerable to Path Traversal. The vulnerability is due to improper handling of user input in templating features, which allows attackers to manipulate file paths and access arbitrary files on the mock server filesystem...

AI score 7.1
Exploits 0

RedhatCVE
added 2025/02/05 5:18 a.m. · 7 views

CVE-2024-1560

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and `local_file_uri_to_path` function, allowing for...

CVSS 8.1 · AI score 8 · EPSS 0.73982
Exploits 2 · References 1

CNNVD
added 2025/02/04 12:0 a.m. · 2 views

Apache Doris Security Vulnerability

Apache Doris is a modern MPP analytic database product of the U.S. Apache Foundation. It can provide sub-second queries and efficient real-time data analysis. Apache Doris suffers from a path traversal vulnerability that stems from the program's failure to properly filter special elements in...

CVSS 5.4 · AI score 6.7 · EPSS 0.00744
Exploits 0 · References 2

Positive Technologies
added 2025/02/04 12:0 a.m. · 3 views

PT-2025-2787 · Apache · Apache Doris

Name of the Vulnerable Software and Affected Versions: Apache Doris versions prior to 2.1.8; Apache Doris versions prior to 3.0.3. Description: The issue allows application administrators to read arbitrary files from the server filesystem through path traversal, which is a type of vulnerability kno...

CVSS 5.4 · AI score 7.2 · EPSS 0.00744
Exploits 0 · References 7

OSV
added 2025/02/01 4:15 a.m. · 2 views

CVE-2024-51534

Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low-privileged attacker could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial o...

CVSS 7.1 · AI score 5.8 · EPSS 0.00134
Exploits 0 · References 1

RedHat Linux
added 2024/12/02 4:6 p.m. · 2 views

org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks

A flaw was found in the Spring Framework. Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. This flaw allows an attacker to craft malicious HTTP requests and obtain any file on the file system that is also...

CVSS 7.5 · AI score 7.1 · EPSS 0.93507
Exploits 5 · References 4

NVD
added 2024/11/08 9:15 a.m. · 16 views

CVE-2024-50588

An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. The data in the database includes patient data and login credentials among other sensitive data. In addition, this enabl...

CVSS 9.8 · EPSS 0.00375
Exploits 0 · References 3

OSV
added 2024/08/12 2:50 p.m. · 17 views

CVE-2024-38530 Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php"

The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead to unrestricted RC...

CVSS 9.8 · AI score 7.1 · EPSS 0.00762
Exploits 1 · References 4

CVE
added 2024/08/07 11:4 p.m. · 86 views

CVE-2024-6707

Open WebUI suffers a path traversal and arbitrarily uploaded file vulnerability in version 0.1.105. The flaw arises when uploading files through the HTTP interface (via the + sign in the message input) to a static UPLOAD_DIR; the filename is taken from the request without validation, enabling tra...

CVSS 8.8 · AI score 6.7 · EPSS 0.00203
Exploits 3 · References 3 · Affected Software 1

Vulnrichment
added 2024/08/07 11:4 p.m. · 35 views

CVE-2024-6707 Open WebUI Arbitrary File Upload + Path Traversal

Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability...

AI score 7 · EPSS 0.00203
Exploits 3 · References 1

RedHat Linux
added 2024/06/05 2:47 p.m. · 3 views

jenkins-2-plugins: git-server plugin arbitrary file read vulnerability

A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server's file system...

CVSS 6.5 · AI score 5.8 · EPSS 0.00494
Exploits 0 · References 6

NVD
added 2024/05/08 4:15 p.m. · 10 views

CVE-2024-24908

Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to delete arbitrary files stored on the server filesystem...

CVSS 6.5 · AI score 6.5 · EPSS 0.01378
Exploits 0 · References 1

CVE
added 2024/05/08 3:48 p.m. · 58 views

CVE-2024-24908

Dell PowerProtect DM5500 (versions 5.15.0.0 and earlier) is affected by CVE-2024-24908 through a directory/path traversal that can allow a remote attacker with high privileges to delete arbitrary files on the server filesystem. Affected component: file system handling within the DM5500 appliance....

CVSS 6.5 · AI score 6.8 · EPSS 0.01378
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/05/08 3:48 p.m. · 13 views

CVE-2024-24908

Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to delete arbitrary files stored on the server filesystem...

CVSS 6.5 · AI score 6.7 · EPSS 0.01378
Exploits 0 · References 1

OSV
added 2024/04/24 8:15 a.m. · 3 views

CVE-2024-28976

Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the...

CVSS 7.8 · AI score 5.8
Exploits 0 · References 1

Cvelist
added 2024/04/24 8:8 a.m. · 12 views

CVE-2024-28977

Dell Repository Manager, versions 3.4.2 through 3.4.4, contains a Path Traversal vulnerability in logger module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem with the privileges of th...

CVSS 3.3 · AI score 4.2 · EPSS 0.00056
Exploits 0 · References 1

Cvelist
added 2024/04/24 8:1 a.m. · 12 views

CVE-2024-28976

Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the...

CVSS 8.8 · AI score 8.7 · EPSS 0.00059
Exploits 0 · References 1

CVE
added 2024/04/24 8:1 a.m. · 81 views

CVE-2024-28976

Dell Repository Manager is affected by a Path Traversal vulnerability in the API module, impacting versions prior to 3.4.5. The root cause is path traversal that could allow a local attacker with low privileges to gain unauthorized write access to files on the server filesystem with the web appli...

CVSS 8.8 · AI score 6.5 · EPSS 0.00059
Exploits 0 · References 1 · Affected Software 1