152 matches found
EUVD-2024-42866
Malicious code in bioql PyPI...
EUVD-2025-4161
Malicious code in bioql PyPI...
EUVD-2023-51724
Malicious code in bioql PyPI...
Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-webmvc-6.1.12.jar which is vulnerable to this CVE-2024-38816
Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-webmvc-6.1.12.jar which is vulnerable to this CVE-2024-38816. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID: CVE-2024-38816 DESCRIPTION:...
CVE-2024-32116
Multiple relative path traversal vulnerabilities CWE-23 in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the...
CVE-2024-32116
Fortinet FortiManager/FortiAnalyzer vulnerability CVE-2024-32116 involves multiple relative path traversal flaws that allow a privileged attacker to delete files on the underlying filesystem via crafted CLI requests. Affected products and versions: FortiManager 7.4.0–7.4.2 and prior to 7.2.5; For...
Fortinet FortiWeb Path traversal in API handler (FG-IR-22-136)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-136 advisory. - A relative path traversal vulnerability CWE-23 in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may...
Fortinet FortiWeb Relative path traversal in web API (FG-IR-22-146)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-146 advisory. - A path traversal vulnerability CWE-23 in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6....
Fortinet FortiWeb Path traversal via browse report CGI component (FG-IR-22-142)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-142 advisory. - A relative path traversal vulnerability CWE-23 in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2...
GHSA-9FCX-CV56-W58P Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder
Impact Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important...
CVE-2024-27770
Unitronics Unistream Unilogic (versions prior to 1.35.227) is affected by CWE-23 Relative Path Traversal in the web-facing component. An attacker could access files outside the web root directory, exposing sensitive data. Remediation: upgrade to version 1.35.227 or later; as a temporary measure, ...
CVE-2024-27770 Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-23: Relative Path Traversal
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-23: Relative Path Traversal...
Artica Proxy 4.40 / 4.50 Local File Inclusion / Traversal
KL-001-2024-001: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability Title: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability Advisory ID: KL-001-2024-001 Publication Date: 2024.03.05 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt 1...
Artica Proxy 4.40 / 4.50 Local File Inclusion / Traversal Vulnerability
Title: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability Advisory ID: KL-001-2024-001 Publication Date: 2024.03.05 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt 1. Vulnerability Details Affected Vendor: Artica Affected Product: Artica Proxy Affecte...
Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
Vulnerability Details Affected Vendor: Artica Affected Product: Artica Proxy Affected Version: 4.40 and 4.50 Platform: Debian 10 LTS CWE Classification: CWE-23: Relative Path Traversal CVE ID: CVE-2024-2053 2. Vulnerability Description The Artica Proxy administrative web application attempts to...
CVE-2023-47613
CVE-2023-47613 describes a Relative Path Traversal in Telit Cinterion modems: BGS5, EHS5/6/8, PDS5/6/8, ELS61/81, and PLS62. The vulnerability could allow a local, low-privileged attacker to escape from virtual directories and obtain read/write access to protected files on the targeted system. Th...
JVN#17434995: Shihonkanri Plus vulnerable to relative path traversal
Shihonkanri Plus provided by EKAKIN contains a relative path traversal vulnerability CWE-23. Impact An attacker may execute arbitrary code by having a legitimate user import a specially crafted backup file of the product. Solution Update the software Update the software to the latest version...
CVE-2023-25606
An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-23 in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the...
Path traversal
An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-23 in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the...