Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-23 | CVE-2022-36261 | Path Traversal vulnerability in Taogogo Taocms 3.0.2 An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt | 9.1 |
| 2022-08-23 | CVE-2022-34486 | Path Traversal vulnerability in Pukiwiki Path traversal vulnerability in PukiWiki versions 1.4.5 to 1.5.3 allows a remote authenticated attacker with an administrative privilege to execute a malicious script via unspecified vectors. | 7.2 |
| 2022-08-19 | CVE-2022-2788 | Path Traversal vulnerability in Emerson Electric'S Proficy Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. | 7.3 |
| 2022-08-18 | CVE-2022-35204 | Path Traversal vulnerability in Vitejs Vite Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service. | 4.3 |
| 2022-08-18 | CVE-2022-37422 | Path Traversal vulnerability in Payara Payara through 5.2022.2 allows directory traversal without authentication. | 7.5 |
| 2022-08-18 | CVE-2022-37060 | Path Traversal vulnerability in Flir AX8 Firmware FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is vulnerable to Directory Traversal due to an improper access restriction. | 7.5 |
| 2022-08-17 | CVE-2022-1373 | Path Traversal vulnerability in Softing products The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. | 7.2 |
| 2022-08-16 | CVE-2021-42052 | Path Traversal vulnerability in Ipesa E-Flow 3.3.6 IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res path and the R query parameter. | 7.5 |
| 2022-08-15 | CVE-2020-21365 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations. | 7.5 |
| 2022-08-15 | CVE-2020-21642 | Path Traversal vulnerability in Zohocorp Manageengine Analytics Plus Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code. | 9.8 |