Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-17 | CVE-2022-26500 | Path Traversal vulnerability in Veeam Backup & Replication. Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users to access internal API functions, which allows attackers to upload and execute arbitrary code. | 8.8 |
2022-03-17 | CVE-2022-21221 | Path Traversal vulnerability in Fasthttp Project Fasthttp. The package github.com/valyala/fasthttp before 1.34.0 is vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. | 7.5 |
2022-03-17 | CVE-2022-1000 | Path Traversal vulnerability in Tiny File Manager Project Tiny File Manager. Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7. | 9.8 |
2022-03-16 | CVE-2022-25249 | Path Traversal vulnerability in PTC Axeda Agent and Axeda Desktop Server. When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) are vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via the web server. | 7.5 |
2022-03-15 | CVE-2021-29134 | Path Traversal vulnerability in Gitea. The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL. | 5.3 |
2022-03-15 | CVE-2022-22771 | Path Traversal vulnerability in Tibco Jasperreports Library and Jasperreports Server. The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. | 8.8 |
2022-03-15 | CVE-2022-27203 | Path Traversal vulnerability in Jenkins Extended Choice Parameter 346.Vd87693C5A86C. Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller. | 6.5 |
2022-03-15 | CVE-2022-27208 | Path Traversal vulnerability in Jenkins Kubernetes Continuous Deploy. Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller. | 6.5 |
2022-03-15 | CVE-2021-45010 | Path Traversal vulnerability in Tiny File Manager Project Tiny File Manager. A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution. | 8.8 |
2022-03-13 | CVE-2021-45887 | Path Traversal vulnerability in Ponton X/P Messenger 3.10.0/3.8.0. An issue was discovered in PONTON X/P Messenger before 3.11.2. | 9.8 |