Path traversal vulnerability in Dell PowerStore Service user allows low-privileged local attackers to modify arbitrary system files through improper input validation. The vulnerability affects multiple PowerStore models (500T through 9200T) and requires local access with low-privilege credentials; CVSS 4.4 reflects the local attack vector and limited integrity impact, though the ability to modify system files poses moderate operational risk for storage appliance integrity.
Path traversal in Snowray Software's File Uploader for WooCommerce plugin (versions up to 1.0.4) enables unauthenticated remote attackers to access arbitrary files on affected WordPress installations through directory traversal sequences. Successful exploitation could result in disclosure of sensitive data, modification of website content, or service disruption. No patch is currently available, requiring administrators to disable or remove the vulnerable plugin.
Squeeze versions 1.7.7 and earlier contain a path traversal vulnerability that allows authenticated attackers to access files outside the intended directory through manipulated file paths. An attacker with valid credentials could leverage this flaw to read sensitive files on the affected system, though code execution and data modification are not possible.
Path traversal ('.../...//') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. [CVSS 6.7 MEDIUM]
primersoftware Primer MyData for Woocommerce primer-mydata contains a security vulnerability (CVSS 5.3).
Path traversal in Rocket TRUfusion Enterprise through 7.10.5 via the /axis2/services endpoint allows authenticated attackers to read and write arbitrary files on the host. EPSS 0.32%.
GE Vernova Enervista UR Setup version 8.6 and earlier on Windows contains a vulnerability allowing high-privileged local attackers to modify system integrity without user interaction. An attacker with administrative privileges could exploit this flaw to alter critical configuration or data, though no patch is currently available.
Fabric Operating System versions up to 9.2.1 contain a vulnerability that allows an authenticated attacker with admin privileges using the shell commands “sour (CVSS 2.3).
Fabric Operating System versions up to 9.2.1 contain a vulnerability that allows an authenticated attacker with admin privileges using the shell command “grep” t (CVSS 2.3).
The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication.