Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
relative vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-7669
This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction.
U-root U-root
7.5
CVSSv3
CVE-2023-25264
An issue exists in Docmosis Tornado prior to version 2.9.5. An unauthenticated attacker can bypass the authentication check filter completely by introducing a specially crafted request with relative path segments.
Docmosis Tornado
7.1
CVSSv3
CVE-2023-27993
A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and prior to 7.1.1 allows a privileged malicious user to delete arbitrary directories from the underlying file system via crafted CLI commands.
Fortinet Fortiadc
Fortinet Fortiadc 7.2.0
NA
CVE-2023-46197
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: from n/a up to and including 1.10.19.
1 Github repository
NA
CVE-2022-45368
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Lenderd 1003 Mortgage Application allows Relative Path Traversal.This issue affects 1003 Mortgage Application: from n/a up to and including 1.75.
7.5
CVSSv3
CVE-2019-13408
A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows malicious users to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication.
Androvideo Vd 1 Firmware
Geovision Gv-vr360 Firmware
Geovision Gv-vd8700 Firmware
NA
CVE-2024-32830
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal.This issue affects BuddyForms: from n/a up to and including 2.8.8.
9.8
CVSSv3
CVE-2021-28023
Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths.
Servicetonic Servicetonic
NA
CVE-2024-25620
Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected direct...
NA
CVE-2024-27282
An issue exists in Ruby 3.x up to and including 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5,...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »