CWE-22 (Improper Limitation of a Pathname (Path Traversal)) — Vulnerability Class 3344

3344 vulnerabilities classified as CWE-22 (Improper Limitation of a Pathname (Path Traversal)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-49285 | WordPress SSV MailChimp plugin <= 3.1.5 - Local File Inclusion vulnerability — SSV MailChimp | 7.5 | High | 2024-10-17 |
| CVE-2024-49287 | WordPress PDF-Rechnungsverwaltung plugin <= 0.0.1 - Local File Inclusion vulnerability — PDF-Rechnungsverwaltung | 7.5 | High | 2024-10-17 |
| CVE-2024-49315 | WordPress FREE DOWNLOAD MANAGER plugin <= 1.0.0 - Arbitrary File Deletion vulnerability — FREE DOWNLOAD MANAGER | 7.5 (AI) | High (AI) | 2024-10-17 |
| CVE-2024-49245 | WordPress Ahime Image Printer plugin <= 1.0.0 - Arbitrary File Download vulnerability — Ahime Image Printer | 8.1 | - | 2024-10-16 |
| CVE-2024-47351 | WordPress MaxSlider plugin <= 1.2.3 - Local File Inclusion vulnerability — MaxSlider | 7.5 | High | 2024-10-16 |
| CVE-2024-47645 | WordPress WPOptin plugin <= 2.0.1 - Local File Inclusion vulnerability — Top Bar – PopUps – by WPOptin | 7.5 | High | 2024-10-16 |
| CVE-2024-45711 | SolarWinds Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability — Serv-U | 7.5 | High | 2024-10-16 |
| CVE-2019-25213 | Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read — Advanced Access Manager – Access Governance for WordPress | 9.8 | Critical | 2024-10-16 |
| CVE-2024-48914 | Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy — vendure | 9.1 | Critical | 2024-10-15 |
| CVE-2024-9676 | Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos) | 6.5 | Medium | 2024-10-15 |
| CVE-2024-46898 | SHIRASAGI security vulnerability — SHIRASAGI | 7.5 | - | 2024-10-15 |
| CVE-2024-0129 | NVIDIA NeMo security vulnerability — NeMo | 6.3 | Medium | 2024-10-15 |
| CVE-2024-9047 | WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php — Iptanus File Upload | 9.8 | Critical | 2024-10-12 |
| CVE-2024-47877 | Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory. — extract | 6.5 (AI) | Medium (AI) | 2024-10-11 |
| CVE-2024-6971 | Path Traversal in parisneo/lollms-webui — parisneo/lollms | 8.4 (AI) | High (AI) | 2024-10-11 |
| CVE-2024-7514 | WordPress Comments Import & Export <= 2.3.7 - Authenticated (Author+) Arbitrary File Read via Directory Traversal — Comments Import & Export | 6.5 | Medium | 2024-10-11 |
| CVE-2024-47164 | The `is_in_or_equal` function may be bypassed in Gradio — gradio | 7.4 (AI) | High (AI) | 2024-10-10 |
| CVE-2024-47166 | One-level read path traversal in `/custom_component` in Gradio — gradio | 7.5 (AI) | High (AI) | 2024-10-10 |
| CVE-2024-7037 | Arbitrary File Write/Delete Leading to RCE in open-webui/open-webui — open-webui/open-webui | 9.8 (AI) | Critical (AI) | 2024-10-09 |
| CVE-2024-9675 | Buildah: buildah allows arbitrary directory mount | 7.8 | High | 2024-10-09 |
| CVE-2024-9575 | Local File Inclusion in pretix-widget WordPress plugin — pretix Widget WordPress plugin | 9.1 (AI) | Critical (AI) | 2024-10-09 |
| CVE-2024-47011 | Ivanti Avalanche security vulnerability — Avalanche | 7.5 | High | 2024-10-08 |
| CVE-2024-47010 | Ivanti Avalanche security vulnerability — Avalanche | 7.3 | High | 2024-10-08 |
| CVE-2024-47009 | Ivanti Avalanche security vulnerability — Avalanche | 7.3 | High | 2024-10-08 |
| CVE-2024-9381 | Ivanti CSA security vulnerability — CSA (Cloud Services Appliance) | 7.2 | High | 2024-10-08 |
| CVE-2024-47563 | Siemens SINEC Security Monitor path traversal vulnerability — SINEC Security Monitor | 5.3 | Medium | 2024-10-08 |
| CVE-2024-47818 | Logged-in users with any role can delete arbitrary files in @saltcorn/server — saltcorn | 6.5 | Medium | 2024-10-07 |
| CVE-2024-47559 | Authenticated RCE via Path Traversal — FreeFlow Core | 7.6 | High | 2024-10-07 |
| CVE-2024-47558 | Authenticated RCE via Path Traversal — FreeFlow Core | 7.6 | High | 2024-10-07 |
| CVE-2024-47557 | Pre-Auth RCE via Path Traversal — FreeFlow Core | 8.3 | High | 2024-10-07 |

Vulnerabilities classified as CWE-22 (Improper Limitation of a Pathname (Path Traversal)) represent 3344 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.