Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2022-07-11 CVE-2022-31503 Path Traversal vulnerability in Orchest
The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
orchest CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31504 Path Traversal vulnerability in Baiduwenkuspider Flaskweb Project Baiduwenkuspider Flaskweb
The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
baiduwenkuspider-flaskweb-project CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31505 Path Traversal vulnerability in Mercadoenlineaback Project Mercadoenlineaback
The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
mercadoenlineaback-project CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31506 Path Traversal vulnerability in CMU Opendiamond
The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
cmu CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31507 Path Traversal vulnerability in Ganga Project Ganga
The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
ganga-project CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31508 Path Traversal vulnerability in Idayrus E-Voting
The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
idayrus CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31509 Path Traversal vulnerability in Iedadata Usap-Dc web Submission and Dataset Search 1.0/1.0.0/1.0.1
The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
iedadata CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31510 Path Traversal vulnerability in Simple-Rat Project Simple-Rat 20220503
The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
simple-rat-project CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31511 Path Traversal vulnerability in Equanimity Project Equanimity
The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
equanimity-project CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31512 Path Traversal vulnerability in Flask-Mvc Project Flask-Mvc
The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
flask-mvc-project CWE-22
critical
 9.3
9.3