Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-40532 Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server.
network
low complexity
CWE-22
4.3
2023-09-27 CVE-2023-2315 Path Traversal vulnerability in Opencart 4.0.0.0
Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server
network
low complexity
opencart CWE-22
8.8
2023-09-25 CVE-2023-43382 Path Traversal vulnerability in Iteachyou Dreamer CMS 4.1.3
Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function.
network
low complexity
iteachyou CWE-22
8.8
2023-09-25 CVE-2023-43256 Path Traversal vulnerability in Gladysassistant Gladys Assistant
A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input.
network
low complexity
gladysassistant CWE-22
6.5
2023-09-25 CVE-2023-39407 Path Traversal vulnerability in Huawei Harmonyos 2.0.0
The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability may affect confidentiality and integrity.
network
low complexity
huawei CWE-22
critical
9.1
2023-09-24 CVE-2023-5142 Path Traversal vulnerability in H3C products
A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908.
network
low complexity
h3c CWE-22
5.3
2023-09-22 CVE-2023-38346 Path Traversal vulnerability in Windriver Vxworks 6.9/7.0
An issue was discovered in Wind River VxWorks 6.9 and 7.
network
low complexity
windriver CWE-22
8.8
2023-09-21 CVE-2023-42280 Path Traversal vulnerability in Springernature Mee-Admin 1.5
mee-admin 1.5 is vulnerable to Directory Traversal.
network
low complexity
springernature CWE-22
7.5
2023-09-21 CVE-2023-42456 Path Traversal vulnerability in Memorysafety Sudo
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group.
network
low complexity
memorysafety CWE-22
8.1
2023-09-21 CVE-2023-4760 Path Traversal vulnerability in Eclipse Remote Application Platform
In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method.
network
low complexity
eclipse CWE-22
critical
9.8