Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-29 | CVE-2022-25347 | Path Traversal vulnerability in Deltaww Diaenergie 1.08.00/1.7.5/1.8.0. Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system. | 7.5 |
2022-03-29 | CVE-2022-28146 | Path Traversal vulnerability in Jenkins Continuous Integration With Toad Edge. Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps. | 6.5 |
2022-03-29 | CVE-2022-28148 | Path Traversal vulnerability in Jenkins Continuous Integration With Toad Edge. The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers. | 6.5 |
2022-03-29 | CVE-2022-28156 | Path Traversal vulnerability in Jenkins Pipeline: Phoenix Autotest. Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace. | 6.5 |
2022-03-29 | CVE-2022-28157 | Path Traversal vulnerability in Jenkins Pipeline: Phoenix Autotest. Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP server. | 6.5 |
2022-03-28 | CVE-2021-43099 | Path Traversal vulnerability in Diyhi BBS 5.3. An Archive Extraction (AKA "Zip Slip") vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips the arbitrary uploaded zip file without checking filenames. | 4.9 |
2022-03-28 | CVE-2021-24962 | Path Traversal vulnerability in Iptanus Wordpress File Upload and Wordpress File Upload PRO. The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution. | 8.8 |
2022-03-28 | CVE-2021-44124 | Path Traversal vulnerability in Hiby R3 PRO Firmware 1.5/1.6. Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Traversal. | 7.5 |
2022-03-28 | CVE-2021-26601 | Path Traversal vulnerability in Impresscms. ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal. | 8.1 |
2022-03-27 | CVE-2022-26252 | Path Traversal vulnerability in Aapanel 6.8.21. aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. | 6.5 |