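CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')) — Vulnerability Class 3352

3352 vulnerabilities classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')). AI Chinese analysis included.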

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-37454 | WordPress AWSM Team – Team Showcase Plugin plugin <= 1.3.1 - Local File Inclusion vulnerability — AWSM Team | 6.5 | Medium | 2024-07-09 |
| CVE-2024-37419 | WordPress Cowidgets – Elementor Addons plugin <= 1.1.1 - Local File Inclusion vulnerability — Cowidgets – Elementor Addons | 7.5 | High | 2024-07-09 |
| CVE-2024-37268 | WordPress Striking theme <= 2.3.4 - Local File Inclusion vulnerability — Striking | 8.5 | High | 2024-07-09 |
| CVE-2024-37266 | WordPress Tutor LMS plugin <= 2.7.1 - Path Traversal vulnerability — Tutor LMS | 4.9 | Medium | 2024-07-09 |
| CVE-2024-37224 | WordPress SP Project & Document Manager plugin <= 4.71 - Directory Traversal vulnerability — SP Project & Document Manager | 7.5 | High | 2024-07-09 |
| CVE-2024-5456 | Panda Video <= 1.4.0 - Authenticated (Contributor+) Local File Inclusion — Panda Video | 8.8 | High | 2024-07-09 |
| CVE-2024-37547 | WordPress Elementor Addons by Livemesh plugin <= 8.4.0 - Local File Inclusion vulnerability — Livemesh Addons for Elementor | 6.5 | Medium | 2024-07-06 |
| CVE-2024-2385 | Elementor Addons by Livemesh <= 8.4 - Authenticated (Contributor+) Limited Local File Inclusion via Widgets — Livemesh Addons by Elementor | 8.8 | High | 2024-07-04 |
| CVE-2024-5821 | Local File Inclusion (LFI) in stitionai/devika — stitionai/devika | 9.1 (AI) | Critical (AI) | 2024-07-03 |
| CVE-2024-5349 | LA-Studio Element Kit for Elementor <= 1.3.8.1 - Authenticated (Contributor+) Local File Inclusion — LA-Studio Element Kit for Elementor | 8.8 | High | 2024-07-02 |
| CVE-2024-24749 | Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat — geoserver | 7.5 | High | 2024-07-01 |
| CVE-2023-47803 | Synology Camera Firmware path traversal vulnerability — Camera Firmware | 5.3 | Medium | 2024-06-28 |
| CVE-2024-6127 | BC Security Empire Path Traversal RCE — Empire | 9.8 | Critical | 2024-06-27 |
| CVE-2024-5980 | Arbitrary File Write via /v1/runs API endpoint in lightning-ai/pytorch-lightning — lightning-ai/pytorch-lightning | 8.8 (AI) | High (AI) | 2024-06-27 |
| CVE-2024-5824 | Path Traversal in parisneo/lollms — parisneo/lollms | 9.8 (AI) | Critical (AI) | 2024-06-27 |
| CVE-2024-6085 | Path Traversal in parisneo/lollms — parisneo/lollms | 9.1 (AI) | Critical (AI) | 2024-06-27 |
| CVE-2024-6090 | Path Traversal Vulnerability in gaizhenbiao/chuanhuchatgpt — gaizhenbiao/chuanhuchatgpt | 7.1 (AI) | High (AI) | 2024-06-27 |
| CVE-2024-5548 | Directory Traversal in stitionai/devika — stitionai/devika | 7.5 (AI) | High (AI) | 2024-06-27 |
| CVE-2024-5019 | WhatsUp Gold LoadCSSUsingBasePath Directory Traversal Information Disclosure Vulnerability — WhatsUp Gold | 5.3 | Medium | 2024-06-25 |
| CVE-2024-5018 | WhatsUp Gold LoadUsingBasePath Directory Traversal Information Disclosure Vulnerability — WhatsUp Gold | 5.3 | Medium | 2024-06-25 |
| CVE-2024-5017 | WhatsUp Gold AppProfileImport path traversal vulnerability — WhatsUp Gold | 6.5 | Medium | 2024-06-25 |
| CVE-2024-4498 | Path Traversal and RFI Vulnerability in parisneo/lollms-webui — parisneo/lollms-webui | 7.5 (AI) | High (AI) | 2024-06-25 |
| CVE-2024-4885 | WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability — WhatsUp Gold | 9.8 | Critical | 2024-06-25 |
| CVE-2024-32111 | WordPress core < 6.5.5 - Auth. Arbitrary .html File Read (Windows Only) vulnerability — WordPress | 5.0 | Medium | 2024-06-25 |
| CVE-2023-49793 | Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store` — codechecker | 6.5 | Medium | 2024-06-24 |
| CVE-2024-37231 | WordPress Salon booking system plugin <= 9.9 - Arbitrary File Deletion vulnerability — Salon booking system | 8.6 | High | 2024-06-24 |
| CVE-2024-37092 | WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Local File Inclusion vulnerability — Consulting Elementor Widgets | 8.5 | High | 2024-06-24 |
| CVE-2024-37089 | WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Unauthenticated Local File Inclusion vulnerability — Consulting Elementor Widgets | 9.0 | Critical | 2024-06-24 |
| CVE-2024-35781 | WordPress Word Balloon plugin <= 4.21.1 - Local File Inclusion vulnerability — Word Balloon | 6.5 | Medium | 2024-06-21 |
| CVE-2024-35778 | WordPress Slideshow SE plugin <= 2.5.17 - Auth. Limited Local File Inclusion vulnerability — Slideshow SE | 6.5 | Medium | 2024-06-21 |

Vulnerabilities classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')) represent 3352 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.