Flaws of type CWE-31

11 results
CVE-2024-2044 | CRITICAL | Unsafe Deserialisation and Remote Code Execution by an Authenticated user in pgAdmin 4 | EPSS 79.3%
CVE-2024-24998 | HIGH | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary | EPSS 3.2%
CVE-2024-36857 | HIGH | Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface. | EPSS 2.1%
CVE-2024-28088 | HIGH | LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_ch | EPSS 1.7%
CVE-2024-35431 | HIGH | ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from th | EPSS 1.0%
CVE-2024-41376 | HIGH | dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php. | EPSS 1.0%
CVE-2024-35429 | MEDIUM | ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord. | EPSS 0.9%
CVE-2024-22723 | MEDIUM | Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "media_folder" parameter in the URL, an attacker (in this case, an | EPSS 0.9%
CVE-2019-6268 | HIGH | RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as d | EPSS 0.8%
CVE-2023-35860 | MEDIUM | A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system in | EPSS 0.8%
CVE-2024-25840 | HIGH | In the module "Account Manager | Sales Representative & Dealers | CRM" (prestasalesmanager) up to 9.0 from Presta World for PrestaShop, a gu | EPSS 0.6%