Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-06 | CVE-2022-32275 | Path Traversal vulnerability in Grafana 8.4.3 Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. | 7.5 |
| 2022-06-06 | CVE-2022-31483 | Path Traversal vulnerability in multiple products An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. | 8.8 |
| 2022-06-03 | CVE-2022-32270 | Path Traversal vulnerability in Realnetworks Realplayer 20.0.7.309/20.0.8.310 In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. | 9.8 |
| 2022-06-02 | CVE-2022-29597 | Path Traversal vulnerability in Solutions-Atlantic Regulatory Reporting System 500 Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). | 6.5 |
| 2022-06-02 | CVE-2022-1661 | Path Traversal vulnerability in Keysight N6841A RF Firmware and N6854A Firmware The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files. | 7.5 |
| 2022-06-02 | CVE-2022-28945 | Path Traversal vulnerability in Webbank Webcube 3.2.2 An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file. | 9.8 |
| 2022-06-02 | CVE-2022-30804 | Path Traversal vulnerability in Elitecms Elite CMS 1.01 elitecms v1.01 is vulnerable to Delete any file via /admin/delete_image.php?file=. | 6.5 |
| 2022-05-31 | CVE-2022-23082 | Path Traversal vulnerability in Mend Curekit In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal. | 7.5 |
| 2022-05-26 | CVE-2022-30508 | Path Traversal vulnerability in Dedecms 5.7.93 DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter. | 6.5 |
| 2022-05-26 | CVE-2022-1664 | Path Traversal vulnerability in multiple products Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. | 9.8 |