Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2025-01-27 CVE-2024-54520 Path Traversal vulnerability in Apple Macos
A path handling issue was addressed with improved validation.
local
low complexity
apple CWE-22
5.5
5.5
2025-01-27 CVE-2024-45598 Path Traversal vulnerability in Cacti
Cacti is an open source performance and fault management framework.
network
low complexity
cacti CWE-22
4.9
4.9
2025-01-25 CVE-2023-38012 IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system.
network
low complexity
CWE-22
5.3
5.3
2025-01-25 CVE-2024-12885 The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versions up to, and including, 10.4.66.
network
low complexity
CWE-22
6.5
6.5
2025-01-25 CVE-2024-13550 Path Traversal vulnerability in Paulrosen ABC Notation
The ABC Notation plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.1.3 via the 'file' attribute of the 'abcjs' shortcode.
network
low complexity
paulrosen CWE-22
6.5
6.5
2025-01-24 CVE-2025-0703 A vulnerability, which was classified as problematic, has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d.
network
low complexity
CWE-22
4.3
4.3
2025-01-19 CVE-2024-45652 IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system.
network
low complexity
CWE-22
6.5
6.5
2025-01-17 CVE-2024-10799 The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventer_woo_download_tickets() function.
network
low complexity
CWE-22
6.5
6.5
2025-01-17 CVE-2024-52363 Path Traversal vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5
7.5
2025-01-16 CVE-2024-48885 Path Traversal vulnerability in Fortinet products
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12 allows attacker to escalate privilege via specially crafted packets.
network
low complexity
fortinet CWE-22
critical
 9.1
9.1