Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2025-01-14 CVE-2024-36512 Path Traversal vulnerability in Fortinet Fortianalyzer and Fortimanager
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.2 through 7.0.12, and 6.2.10 through 6.2.13 allows an attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.
network
low complexity
fortinet CWE-22
7.2
2025-01-14 CVE-2024-46664 Path Traversal vulnerability in Fortinet Fortirecorder
A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or HTTPS requests.
network
low complexity
fortinet CWE-22
4.9
2025-01-14 CVE-2024-47566 Path Traversal vulnerability in Fortinet Fortirecorder
An improper limitation of a pathname to a restricted directory ('path traversal') [CWE-23] in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.
local
low complexity
fortinet CWE-22
6.0
2025-01-09 CVE-2024-11642 The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.4.12 via the 'locate_template' function.
network
low complexity
CWE-22
critical
9.8
2025-01-08 CVE-2024-9939 The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php.
network
low complexity
CWE-22
7.5
2025-01-08 CVE-2024-10585 Path Traversal vulnerability in Revmakx Infinitewp Client
The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the ~/debug-chart/index.php file.
network
low complexity
revmakx CWE-22
5.3
2025-01-08 CVE-2023-52953 Path Traversal vulnerability in Huawei Emui and Harmonyos
Path traversal vulnerability in the Medialibrary module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
network
low complexity
huawei CWE-22
critical
9.1
2025-01-07 CVE-2024-12152 The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'mipl_wc_sync_download_log' action.
network
low complexity
CWE-22
7.5
2025-01-07 CVE-2024-12849 The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action.
network
low complexity
CWE-22
7.5
2025-01-04 CVE-2024-41765 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system.
network
low complexity
CWE-22
6.5