Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-07 | CVE-2024-5481 | Path Traversal vulnerability in 10Web Photo Gallery The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. | 8.8 |
| 2024-06-06 | CVE-2024-3234 | Path Traversal vulnerability in Gaizhenbiao Chuanhuchatgpt The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. | 9.8 |
| 2024-06-06 | CVE-2024-3322 | Path Traversal vulnerability in Lollms web UI A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. | 9.8 |
| 2024-06-06 | CVE-2024-3429 | Path Traversal vulnerability in Lollms A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\lollms\security.py`. | 9.8 |
| 2024-06-06 | CVE-2024-4320 | Path Traversal vulnerability in Lollms web UI A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the `@router.post("/install_extension")` route handler. | 9.8 |
| 2024-06-06 | CVE-2024-4881 | Path Traversal vulnerability in Lollms A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. | 7.5 |
| 2024-06-06 | CVE-2024-5187 | Path Traversal vulnerability in Linuxfoundation Onnx 1.16.0 A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. | 8.8 |
| 2024-06-06 | CVE-2024-0520 | Path Traversal vulnerability in Lfprojects Mlflow A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. | 8.8 |
| 2024-06-06 | CVE-2024-2360 | Path Traversal vulnerability in Lollms web UI parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings. | 9.8 |
| 2024-06-06 | CVE-2024-2362 | Path Traversal vulnerability in Lollms web UI 9.3 A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. | 9.1 |