Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2024-12-12 CVE-2024-12482 Path Traversal vulnerability in Cjbi Wetech-Cms 1.0/1.1/1.2
A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2.
network
low complexity
cjbi CWE-22
4.3
2024-12-10 CVE-2024-45709 SolarWinds Web Help Desk was susceptible to a local file read vulnerability.
network
high complexity
CWE-22
5.3
2024-11-27 CVE-2024-11667 Path Traversal vulnerability in Zyxel ZLD
A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.
network
low complexity
zyxel CWE-22
critical
9.8
2024-11-27 CVE-2024-53676 Path Traversal vulnerability in HPE Insight Remote Support 7.12/7.12.0.529/7.12.0.545
A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution.
network
low complexity
hpe CWE-22
critical
9.8
2024-11-18 CVE-2020-26071 A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation for specific commands.
local
low complexity
CWE-22
8.4
2024-11-18 CVE-2024-41971 A low privileged remote attacker can overwrite an arbitrary file on the filesystem leading to a DoS and data loss.
network
low complexity
CWE-22
8.1
2024-11-15 CVE-2024-44625 Path Traversal vulnerability in Gogs
Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go.
network
low complexity
gogs CWE-22
8.8
2024-11-15 CVE-2024-41784 Path Traversal vulnerability in IBM Sterling Secure Proxy
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5
2024-11-13 CVE-2024-48510 Path Traversal vulnerability in Dotnetzip.Semverd Project Dotnetzip.Semverd 1.11.0
Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
network
low complexity
dotnetzip-semverd-project CWE-22
critical
9.8
2024-11-12 CVE-2024-50322 Path Traversal vulnerability in Ivanti Endpoint Manager
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution.
local
low complexity
ivanti CWE-22
7.8