Skip to main content

CWE-31

Path Traversal: 'dir\..\..\filename'

6 CVEs Avg CVSS 8.3 MITRE
1
CRITICAL
5
HIGH
0
MEDIUM
0
LOW
4
POC
0
KEV

Monthly

CVE-2024-41376 HIGH POC This Week

dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Dzzoffice
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-36857 npm HIGH POC This Week

Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jan
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2024-35431 HIGH POC This Week

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zkbio Cvsecurity
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-24998 HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2024-2044 PyPI CRITICAL POC PATCH THREAT Act Now

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Pgadmin 4 Fedora
NVD GitHub
CVSS 3.1
9.9
EPSS
79.3%
CVE-2024-25840 HIGH PATCH This Week

In the module "Account Manager | Sales Representative & Dealers | CRM" (prestasalesmanager) up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Account Manager
NVD
CVSS 3.1
7.5
EPSS
0.6%
EPSS 1% CVSS 8.8
HIGH POC This Week

dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Dzzoffice
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jan
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zkbio Cvsecurity
NVD GitHub
EPSS 3% CVSS 8.8
HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
EPSS 79% CVSS 9.9
CRITICAL POC PATCH THREAT Act Now

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Pgadmin 4 +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In the module "Account Manager | Sales Representative & Dealers | CRM" (prestasalesmanager) up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Account Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy