Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2022-07-12 CVE-2022-33690 Path Traversal vulnerability in Google Android 12.0
Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file.
local
low complexity
google CWE-22
3.3
3.3
2022-07-11 CVE-2022-31501 Path Traversal vulnerability in Onyxforum Project Onyxforum
The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
onyxforum-project CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31502 Path Traversal vulnerability in Wormnest Project Wormnest
The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
wormnest-project CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31503 Path Traversal vulnerability in Orchest
The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
orchest CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31504 Path Traversal vulnerability in Baiduwenkuspider Flaskweb Project Baiduwenkuspider Flaskweb
The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
baiduwenkuspider-flaskweb-project CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31505 Path Traversal vulnerability in Mercadoenlineaback Project Mercadoenlineaback
The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
mercadoenlineaback-project CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31506 Path Traversal vulnerability in CMU Opendiamond
The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
cmu CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31507 Path Traversal vulnerability in Ganga Project Ganga
The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
ganga-project CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31508 Path Traversal vulnerability in Idayrus E-Voting
The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
idayrus CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31509 Path Traversal vulnerability in Iedadata Usap-Dc web Submission and Dataset Search 1.0/1.0.0/1.0.1
The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
iedadata CWE-22
critical
 9.3
9.3