CVE-2024-6281

HIGH Year: 2024
CVSS v3 Score
7.3
High
Weakness Type
CWE-440
View all →

Vulnerability Description

A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path` function does not adequately secure the `discussion_db_name` parameter, allowing attackers to manipulate the path and potentially write to important system folders.

Related Vulnerabilities

CVE-2019-5061

HIGH
CVSS:7.4(High)

An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has ...

CWE-4402019

CVE-2019-5062

HIGH
CVSS:7.4(High)

An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association,...

CWE-4402019

CVE-2019-5108

HIGH
CVSS:7.4(High)

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for station...

CWE-4402019

CVE-2022-3281

HIGH
CVSS:7.5(High)

WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote...

CWE-4402022

CVE-2023-32731

HIGH
CVSS:7.5(High)

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of...

CWE-4402023

CVE-2024-30246

HIGH
CVSS:7.1(High)

Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly ...

CWE-4402024