CWE-31

11 CVEs classified under CWE-31. Browse by severity and year.

Top CVEs for CWE-31
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-2044 | Critical | 9.9 | 2024-03-07 | pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Wind… |
| CVE-2024-41376 | High | 8.8 | 2024-08-05 | dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php. |
| CVE-2024-24998 | High | 8.8 | 2024-04-19 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM… |
| CVE-2024-28088 | High | 8.1 | 2024-03-04 | LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypa… |
| CVE-2024-36857 | High | 7.5 | 2024-06-04 | Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface. |
| CVE-2024-35431 | High | 7.5 | 2024-05-30 | ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. NOTE: Thi… |
| CVE-2019-6268 | High | 7.5 | 2024-03-08 | RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by read… |
| CVE-2024-25840 | High | 7.5 | 2024-02-27 | In the module "Account Manager \| Sales Representative & Dealers \| CRM" (prestasalesmanager) up to 9.0 from Presta World for PrestaShop, a guest can download pe… |
| CVE-2024-35429 | Medium | 6.5 | 2024-05-30 | ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord. |
| CVE-2023-35860 | Medium | 5.3 | 2024-06-13 | A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system information via the d… |
| CVE-2024-22723 | Medium | 4.9 | 2024-02-28 | Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "media_folder" parameter in the URL, an attacker (in this case, an administrator) can… |