Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2025-01-19 CVE-2024-45652 IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system.
network
low complexity
CWE-22
6.5
6.5
2025-01-17 CVE-2024-10799 The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventer_woo_download_tickets() function.
network
low complexity
CWE-22
6.5
6.5
2025-01-17 CVE-2024-52363 IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system.
network
low complexity
CWE-22
6.5
6.5
2025-01-15 CVE-2024-57727 Path Traversal vulnerability in Simple-Help Simplehelp
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests.
network
low complexity
simple-help CWE-22
7.5
7.5
2025-01-15 CVE-2024-54535 Path Traversal vulnerability in Apple products
A path handling issue was addressed with improved logic.
network
low complexity
apple CWE-22
4.3
4.3
2025-01-14 CVE-2024-13179 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
network
low complexity
ivanti CWE-22
critical
 9.8
9.8
2025-01-14 CVE-2024-13180 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information.
network
low complexity
ivanti CWE-22
7.5
7.5
2025-01-14 CVE-2024-13181 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
network
low complexity
ivanti CWE-22
critical
 9.8
9.8
2025-01-14 CVE-2024-39786 Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505.
network
low complexity
CWE-22
critical
 9.1
9.1
2025-01-14 CVE-2024-39787 Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505.
network
low complexity
CWE-22
critical
 9.1
9.1