Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2021-02-26 CVE-2021-21298 Node-Red is a low-code programming for event-driven applications built using nodejs. 0.0
2021-02-25 CVE-2021-21064 Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path traversal vulnerability in Magento UPWARD Connector version 1.1.2 (and earlier) due to the upload feature. 0.0
2021-02-23 CVE-2021-20247 A flaw was found in mbsync before v1.3.5 and v1.4.1. 0.0
2021-02-22 CVE-2021-26725 Path Traversal vulnerability in Nozominetworks Central Management Control and Guardian
Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files.
network
low complexity
nozominetworks CWE-22
4.0
2021-02-19 CVE-2021-27328 Path Traversal vulnerability in Yeastar Neogate Tg400 Firmware 91.3.0.3
Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal.
network
low complexity
yeastar CWE-22
4.0
2021-02-19 CVE-2020-9050 Path Traversal vulnerability in Johnsoncontrols Metasys Reporting Engine 2.0/2.1
Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system.
network
low complexity
johnsoncontrols CWE-22
5.0
2021-02-18 CVE-2021-23340 Path Traversal vulnerability in Pimcore
This affects the package pimcore/pimcore before 6.8.8.
network
low complexity
pimcore CWE-22
5.5
2021-02-18 CVE-2021-20354 Path Traversal vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories.
network
low complexity
ibm CWE-22
7.8
2021-02-17 CVE-2021-27367 Path Traversal vulnerability in Boltcms Bolt
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.
network
low complexity
boltcms CWE-22
5.0
2021-02-17 CVE-2020-13550 Path Traversal vulnerability in Advantech Webaccess/Scada 9.0.1
A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1.
network
low complexity
advantech CWE-22
4.0